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IT  pros  like  new  iPad, 
eye  iOS  5.1  warily 


BY  JOHN  COX 


THE  NEW  third-generation  Apple  iPad  is  generally  a  hit 
with  a  sampling  of  enterprise  IT  professionals  surveyed 
by  Network  World.  All  like  the  greatly  enhanced  display,  the 
graphics  processing  and  4G  LTE  wireless  support. 

But  a  few  were  hoping  for  a  bigger  processing  boost  or  one 
of  several  specific  features,  a  number  of  which  Apple  seems 
unlikely  to  ever  deliver  (like  support  for  Adobe  Flash  Web 
content).  And  several  noted  that  the  real  locus  for  enterprise 
benefits,  and  problems,  lies  in  the  latest  update  to  the  iOS 
firmware  (release  5.1  for  the  new  iPad),  about  which  Apple 
has  had  little  to  say  publicly. 

Dubbed  simply  the  “new  iPad,”  Apple’s  latest  tablet  fea¬ 
tures  double  the  screen  resolution  of  the  iPad  2  and  four 
times  the  pixels  at  2048  x  1536,  a  slightly  beefed  up  dual-core 
CPU  (the  A5X)  with  a  new  quad-core  graphics  processor, 

►  See  iPad,  page  32 
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Virtualize, 

the  plug-and-play  way. 

With  numerous  hardware,  software  and  networking  options 
to  choose  from,  virtualization  can  be  a  really  complex  process. 
The  new  IBM  BladeCenter®  Foundation  for  Cloud  with  Intel® 
Xeon®  processors  changes  all  that,  dramatically. 

It’s  a  workload-ready  platform  with  built-in  management, 
so  it’s  quick  to  deploy  and  easy  to  manage.  Also,  the  system 
integrates  seamlessly  with  your  existing  infrastructure.  So  you 
can  get  started  at  once,  without  wasting  precious  resources. 

In  addition,  you  have  the  option  to  transition  to  the  cloud  on 
your  terms,  not  on  your  vendor’s.  For  improved  business  agility 
and  reduced  IT  costs,  look  to  the  IBM  BladeCenter  Foundation 
for  Cloud. 


Take  10  minutes  to  see  for  yourself. 

See  how  the  IBM  BladeCenter  Foundation  for  Cloud  makes  things 
easy  for  you.  Visit  ibm.com/systems/foundation 


IBM,  the  IBM  logo,  ibm.com  and  BladeCenter  are  trademarks  of  International  Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide. 
Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  ot  IBM  trademarks  is  available  on  the  Web  at 
wwwjbm.com/legat'copytrade.shtmt  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are  trademarks  ot  Intel  Corporation  in  the  US.  and  other  countries. 
©  International  Business  Machines  Corporation  2011.  All  rights  reserved. 
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FROM  THE  EDITOR  JOHN  DIX 

SaaS  seeds 
ready  to  bloom 

One  expected  benefit  from  the  shift  to  the 
cloud  is  the  emergence  of  a  refreshing  new  crop 
of  innovative  software  suppliers. 

The  enterprise  software  market, 
after  all,  has  withered  as  the  biggest 
developers  consolidated  control 
through  acquisition.  But  when  the 
big  guys  resisted  the  shift  to  soft- 
ware-as-a-service  for  fear  of  cannibalizing  their  lucrative 
maintenance  annuities,  just  enough  light  got  through  for 
thousands  of  SaaS  seedlings  to  take  root. 

It’s  hard  to  know  exactly  how  many  new  SaaS  compa¬ 
nies  are  growing  out  there  because  many  startups  are 
staying  private  longer  due  to  the  economy,  says  Justin  Perreault,  a  general  partner 
at  Commonwealth  Capital  Ventures.  But  Commonwealth  is  investing  heavily  in 
the  category  and  he’s  sure  the  company  isn’t  alone. 

In  fact,  Perreault  says  SaaS,  along  with  developments  in  mobility  and  other 
corners  of  the  cloud  market,  is  driving  a  renaissance  in  venture  capital. 

“The  perception  is  that  the  venture  world  has  fallen  on  hard  times  because  of 
poor  showings  over  last  10  years,”  he  says.  “A  lot  of  capital  was  incinerated  in  ‘01, 
‘02,  ‘03.”  But  it  began  to  turn  around  in  2004.  “When  we  look  back  at  2012,  we’ll 
say  it  was  a  phenomenal  year  for  venture  capital.” 

Timing  is  everything.  While  venture  money  has  been  flowing  into  SaaS  for  10 
years,  only  in  the  last  year  have  large  enterprises  recognized  SaaS  as  the  way  for¬ 
ward,  says  Elliot  Katzman,  another  Commonwealth  Capital  general  partner. 

“This  is  the  deployment  mode  of  the  future,”  Perreault  says.  “It  will  take  a  while 
to  migrate,  but  it  is  clear  now  that  more  software  tools  will  go  to  the  cloud  than  we 
ever  thought  possible  just  a  few  years  ago.” 

For  buyers,  SaaS  offers  the  usual  benefits  of  sidestepping  upfront  costs  of 
premise-based  software  tools,  the  need  to  invest  in  infrastructure  to  support  the 
apps,  and  ongoing  management  and  maintenance  headaches.  What’s  more,  you 
know  you’ll  always  have  the  latest  product  enhancements  and  updates. 

But  there  is  a  big  upside  for  SaaS  suppliers  as  well,  Perreault  and  Katzman  say. 
The  supplier  can  monitor  usage  every  day  so,  if  its  tool  is  being  underutilized,  it 
can  step  in  to  investigate  and  help  the  customer  address  the  problem,  possibly  by 
upselling  the  customer  on  a  module  that  addresses  an  unforeseen  need.  With  the 
traditional  “install  the  software  and  throw  the  customer  the  keys”  mode,  nagging 
little  implementation  problems  or  gaps  in  training  can  result,  over  time,  in  a  prod¬ 
uct  dying  on  the  vine. 

A  robust  crop  of  new  SaaS  suppliers  will  inevitably  lead  to  a  round  of  consolida¬ 
tion,  Perreault  and  Katzman  agree,  but  that  is  some  time  off,  leaving  plenty  of  time 
for  new  ideas  to  flourish. 
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i  1  -SS'-i  The  maxim  “change  is  constant"  has  never  been 
more  true  than  today.  Powering  that  rapid  change 
is  a  connected  world  of  many  clouds  that  help 
you  bring  ideas  and  innovation  to  market  faster. 

To  assure  that  your  business  can  efficiently  and 
effectively  take  advantage  of  the  transformative 
power  of  clouds,  Cisco  has  developed  an 
integrated  set  of  solutions  we  call  CloudVerse. 
With  the  Cloud  Intelligent  Network,  Unified  Data 
Center,  Cloud  Applications  and  Cloud  Enablement 
Services,  the  future  is  yours  to  build. 


See  how  Cisco  enables  the  world  of  many  clouds 
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New  iPad:  Apple's  hits  and  misses 

©  IPAD  HAS  GOTTEN  a  lot  of  enterprise 
acceptance  due  to  senior  executives 
bringing  it  inside  the  company  and 
wanting  to  use  it.  The  screen’s  new  “wow” 
factor  will  accelerate  that  trend.  While 
PCs  were  brought  into  the  company  by 
technologists,  iPads  are  coming  in  from 
the  executives,  a  fact  not  really  men¬ 
tioned  in  this  article  (Re:  “Enterprise  IT 
likes  what  it  sees  in  new  iPad”;  tinyurl. 
com/86znxrx). 

IPad  is  still  a  consumption  device  and 
saying  that  these  announcements  make 
it  a  creation  device  is  perhaps  stretch¬ 
ing  the  truth  too  far.  For  now,  creation  of 
content  will  continue  to  take  place  on  PCs 
while  consumption  will  occur  on  mobile 
devices,  with  iPad  being  the  most  likely 
winner  at  this  time. 

R.  Paul  Singh 

©  I  HAVE  AN  “iPad”  —  It’s  called  a  cell¬ 
phone.  It  does  everything  the  iPad  does, 
with  a  smaller  screen.  Of  course,  it  only 
cost  me  $75  (no  contract),  not  $500-plus 
(Re:  “Why  the  holdouts 
aren’t  buying  an  iPad  3”; 
tinyurl.com/86mrtrr). 

For  the  few  people 
that  actually  need  a 
tablet  and  are  not  just 
mindless  consumer- 
ists,  there  is  no  reason 
to  buy  an  iPad  over  a 
competing  brand. 

Apple  is  a  marketing 
company,  and  it  does  a 

good  job  at  it.  _ 

GS 

©THE  COMPANY  KNOWN  for  marketing 
genius  cannot  create  an  unambiguous 
name.  When  I  get  the  next-generation 
iPad,  I  can  still  sell  this  one  as  “the  new 
iPad.”  Of  course,  people  will  still  know 
the  difference  because  Apple  will  call 
the  next  one  “the  new  new  iPad”  (Re: 
“Apple  unveils  its  next  iPad”;  tinyurl. 
com/6w4wgyn). 

Eric  Roberts 

©  SIR!,  DEFINITELY!!!  UPGRADED  though 
—  Siri  should  be  able  to  read  any  text 
(e-books,  Web  pages,  etc.)  aloud  and 
translate  multiple  languages  verbally 
(Re:  “4  things  we  want  to  see  from  iPad  4”; 
tinyurl.com/6pkv8ny). 


When  I  get  the 
next-generation 
iPad,  I  can  still 
sell  this  one  as 
‘the  new  iPad.” 


I  would  add : 

1.  Witricity  or  other  built-in  wireless 
charging  solution  over  a  distance  (not 
induction). 

2.  Heptic  or  other  textural  feedback 
for  touchscreen  (simulated  physical 
keyboard  maybe). 

3.  Pressure  sensitivity  and  palm 
cancelation  for  artists,  etc.  (smart  stylus 
to  go  with  it). 

4.  Solid  waterproofing  to  a  decent 
depth  (more  rugged  overall). 

Guest 

Where  is  the  IT  talent? 

©  I  CUT  MY  teeth  on  DOS  in  the  ’80s. 
When  mainframes  began  giving  way  to 
networks,  we  specialized.  We  had  server 
people,  desktop  people,  cable  people, 
router  people,  firewall  people,  etc.  (Re: 
“CIOs  struggle  to  find  IT  talent”;  tinyurl. 
com/73zy2f4). 

The  applications  you  see  today,  they 
want  someone  that  is  wearing  four,  five 
or  six  of  those  hats.  College  kids  don’t 
have  that  kind  of  experience,  and  we  in 
the  40-50  age  range 
don’t  want  college- 
kid  money  or  short 
contract  positions. 

shirlj63 


©FUNDAMENTALLY 
THE  MAIN  issue  is  that 
career  advice  for  the 
young  is  practically 
nonexistent  or  poor. 
We  are  not  focusing  on 
_  supporting  develop¬ 
ment  throughout  the 
education  process,  and  therefore  gaining 
the  breadth  of  skills  needed  for  these 
types  of  roles  is  almost  impossible  to 
gain  in  a  1-2  HE  course.  The  truth  is  that, 
yes,  the  staff  with  these  skills  are  those 
who  have  been  around  many  roles  in 
various  technical  guises.  So  where  we 
should  be  focusing  on  today,  is  how  we 
can  support  career  advice  at  an  early  age 
to  ensure  we  end  up  with  younger  entry- 
level  staff  who  can  then  be  mentored 
and  supported  by  those  with  the 
experience. 

There  are  solutions  and  we  have  them, 
but  the  issue  is  that  unless  there  is  a  wider 
consensus  to  use  them,  only  small  groups 
will  benefit  from  them. 

NikMears 
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That's  why  at  1&1,  all  domains  come  with  FREE  Private  Domain  Registration  to  protect  your 
name,  address,  phone  number  and  e-mail  from  spammers  and  identity  thieves. 
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Touring  the 
|  787  Dreamliner 
aircraft 

Boeing  stopped  in  Boston 
with  its  new  787  Dream¬ 
liner  aircraft,  and  gave  us 
■  a  tour.  Japan  Airlines  will 
offer  nonstop  service  with 
the  787  from  Boston  to 
Tokyo  starting  in  April. 


Contestants  hack 
the  heck  out  of  Chrome 


DUELING  BROWSER-EXPLOIT  CONTESTS  at  the 

CanSecWest  conference  yielded  immediate  results  -  two  hacks 
against  Google  Chrome  —  with  contestants  in  both  competitions 
demonstrating  exploits  within  an  hour.  In  the  Chrome  Pwnium 
contest,  run  by  Google,  Sergey  Glazunov's  exploit  preyed  on  two 
vulnerabilities  to  avoid  the  Chrome  sandbox  that  is  supposed 
to  mitigate  exploits.  His  efforts  won  him  $60,000.  In  Pwn20wn, 
French  consulting  company  Vupen  took  down  the  browser  with 
a  zero-day  exploit  that  used  a  flaw  in  the  browser  itself  and  also 
broke  out  of  the  browser’s  sandbox.  The 
exploit  won  the  five-man  Vupen  team 
32  points  in  the  competition. 
Pwn20wn  is  sponsored  by 
the  Zero  Day  Initiative  and 
HPTippingPoint.  First  prize  is 
$60,000,  second  is  $30,000  and 
jf  third  is  $15,000,  depending  on 
which  team  accumulates  the  most 
points,  tinyurl.com/7jre87x 


exchanger  through  which  water 
is  pumped  at  low  pressure.  Iceo- 
tope  can  cool  an  entire  20kW 
rack  with  a  pump  consuming 
just  70  watts,  according  to 
Iceotope  CTO  Peter  Hopton. 

The  Iceotope  system  warms  the 
water  by  just  5  degrees  Celsius, 
and  can  operate  with  incoming 
water  temperatures  of  up  to 
45  C,  which  means  year-round 
free-air  cooling  is  possible 
almost  anywhere  on  the  planet, 
he  said,  tinyurl.com/78epd78 


getting  a  bit  more  social.  Large 
companies  are  increasingly 
letting  employees  access  social 
media  sites  from  the  office,  Gart¬ 
ner  says.  While  50%  of  large 
organizations  blocked  social 
sites  in  2010,  Gartner  expects 
that  number  to  drop  to  30%  by 
2014.  “Even  in  those  organiza¬ 
tions  that  block  all  access  to 
social  media,  blocks  tend  not 
to  be  complete,”  said  Andrew 
Walls,  a  Gartner  analyst.  “Cer¬ 
tain  departments  and  processes, 
such  as  marketing,  require 
access  to  external  social  media, 
and  employees  can  circum¬ 
vent  blocks  by  using  personal 
devices  such  as  smartphones.” 
tinyurl.com/88s8zhr 

Iceotope  dips  its 
servers  in  liquid 


EVEN  THE  most  efficient  air¬ 


cooled  data  centers  waste  20% 
of  their  power  run¬ 
ning  fans  inside  the 
servers,  according  to 
British  liquid-cooling 
specialist  Iceotope, 
which  launched  its 
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New  Cisco  servers 
have  Intel  Xeon 
E5  inside 

CISCO  HAS  expanded  its  data 
center  portfolio  with  servers  and 
network  gear  to  better  support 
virtualization,  cloud  computing 
and  big  data  demands.  The  latest 
Unified  Computing  System 
(UCS)  servers  support  Intel’s 
new  Xeon  processor  E5-2600 
line  —  also  known  as  “Romley” 
and  “Sandy  Bridge”  —  and 
support  up  to  eight  times  the 
memory  capacity  and  four  times 
the  I/O  of  previous  UCS  servers. 


In  addition,  the  UCS  Manager 
now  supports  Cisco’s  UCS  rack 
mount  servers,  enabling  those 
form  factors  to  reach  manage¬ 
ment  parity  with  the  UCS  blade 
servers.  Cisco  says  it  now  has 
11,000  UCS  customers  since  the 
platform’s  introduction  in  2009. 
And  at  a  $1.3  billion  annual  run 
rate,  UCS  is  the  fastest  grow¬ 
ing  product  in  Cisco’s  history. 
tinyurl.com/7jwhxpe 

Enterprises 
going  social 

ENTERPRISES.IT  seems,  are 


water-cooled  servers 
at  the  Cebit  tradeshow 
in  Hannover,  Germany. 
While  some  server 
manufacturers  take  a 
halfhearted  approach 
to  liquid  cooling, 
pumping  fluid  through 
the  heatsinks  on  top  of 
key  components  such 
as  processors,  Iceotope 
goes  all  in,  immersing 
half-size  SSI  moth¬ 
erboards  in  Novec, 
an  inert  cooling  fluid 
developed  by  3M,  and 
sealing  them  inside 
special  modules.  The 
cooling  fluid  carries 
the  heat  away  from  the 
motherboard  through 
convection  before 
giving  it  up  to  a  heat 
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QA  internship 
program  targets 
young  adults 

A  GROUP  of  U.S.  technology 
companies  has  launched  an  IT 
internship  program  aimed  at 
helping  low- income  young  people 
get  a  start  in  the  industry  through 
quality  assurance  jobs.  Backers  of 
the  new  SummerQAmp  program 
hope  to  get  commitments  from 
tech  companies  to  provide  more 
than  1,000  QA  internships  this 
summer.  Many  software  QA  jobs 
have  been  outsourced  to  other 
countries,  but  the  program  is  an 
attempt  to  grow  those  jobs  in  the 
U.S.,  said  Kevin  Haggard,  vice 
president  of  quality  engineering 
at  online  clothing  retailer  Gilt 
Groupe.  “We  need  to  create  more 
tech  jobs  and  keep  the  U.S.  at  the 
forefront  of  innovation,”  he  said. 
“People  don’t  realize  this  is  a 
very  viable  career  opportunity.” 
Among  the  companies  joining  Gilt 
Groupe  in  supporting  the  program 
are  GroupMe,  a  group-messaging 
software  vendor;  Onswipe,  a 
publishing  app  developer;  and 
eBay.  Also  supporting  the  effort 
are  Aneesh  Chopra,  former  CTO 
at  the  U.S.  White  House,  and 
musician  Jon  Bon  Jovi.f  inyurl. 
com/888b4lm 

Brocade  provides 
single  view  across 
access  layer 

BROCADE  IS  looking  to  simplify 
the  campus  edge  with  two 
additions  to  its  ICX  switch  line 
and  plans  to  more  easily  mix 
and  match  ICX  switches  in  and 
between  stacks.  The  stacking 
capability,  which  Brocade  calls 
Hyper  Edge,  is  designed  to  let 
users  manage  their  entire  access 
switching  layer  as  if  it  were  a 
single  device,  and  provide  consis¬ 
tent  policy  among  all  access  layer 
ports.  Users  can  mix  and  match 


mmiiimiimimmiiimimii 


high-end  and  entry-level  switches 
within  a  single  stack,  so  entry- 
level  switches  inherit  all  of  the 
features  of  the  high-end  switches, 
Brocade  says.  HyperEdge  will  be 
available  on  Brocade’s  ICX  and 
FCX  stackable  switches  through 
a  software  upgrade  available  in 
the  first  half  of  next  year.  In  the 
meantime,  Brocade  unveiled  two 
new  stackable  ICX  switches  that 
feature,  among  other  capabili¬ 
ties,  support  for  Energy  Efficient 
Ethernet  and  MACsec  link-level 
encryption.  The  switches  are 
available  in  24-port  and  48-port 
Gigabit  Ethernet  models,  with 
optional  1G/10G  uplink  or 
stacking  ports  to  support  up 
to  384  ports  of  density,  tinyurl, 
com/6t4g8h2 


More  devices, 
less  satisfied 


GOOD 


BAD 


IBM  researchers 
claim  Terabit 
breakthrough 


IBM  RESEARCHERS  have 
developed  a  prototype 
optical  chip  that  can  transfer 
data  at  lTbps,  the  equivalent 
of  downloading  500 
high-definition  movies, 
using  light  pulses.  The 
chip,  called  Holey  Opto- 
chip,  is  a  parallel  optical 
transceiver  consisting  of  both  a  transmitter  and  a 
receiver,  and  is  designed  to  handle  the  large  amount 
of  data  created  and  transmitted  over  corporate  and 
consumer  networks  as  a  result  of  new  applications 
and  services.  It  is  expected  to  power  future  super¬ 
computer  and  data  center  applications,  an  area 
where  IBM  already  uses  optical  technology. 


CIOs  ask:  Where’s 
the  IT  talent? 

NEW  SURVEY  data  finds 
it's  tougher  to  recruit 
skilled  professionals  in 
the  tech  field  than  it  is 
in  other  professional 

areas,  including  accounting  and  finance,  legal, 
and  advertising  and  marketing  departments. 
Compared  to  their  counterparts  in  other 
employment  sectors,  more  CIOs  say  recruiting  is 
a  challenge,  according  to  Robert  Half  International. 
The  staffing  services  firm  polled  4,000  U.S.  execu¬ 
tives  —  including  CIOs,  chief  financial  officers,  senior 
HR  managers,  lawyers,  and  advertising  and  marketing 
executives  —  to  determine  their  hiring  plans  for  Q2. 


AS  SMARTPHONES  and  tablets 
surge  in  number,  mobile  workers 
are  less  satisfied  with  their  wire¬ 
less  network  services,  a  new  poll 
from  iPass  has  found.  The  global 
survey  of 1,800  workers  at  1,100 
companies  found  a  25  percentage 
point  decline  in  mobile  network 
satisfaction  compared  to  a  year  ago. 
In  2011, 87%  of  workers  said  they 
were  satisfied  with  their  mobile 
service,  while  the  number  dropped 
to  62%  who  are  satisfied  in  2012. 
The  survey  also  noted  that  workers 
carry  an  average  of  3.5  devices,  up 
from  2.7  devices  in  2011.  IPass  and 
other  experts  attribute  the  decline 
in  satisfaction  to  the  mismatch 
of  increased  device  capabilities 
and  the  fact  that  wireless  infra¬ 
structure  has  not  kept  up  with 
demand  iinyurl.com/7ynysg6 


Even  the  Pope  isn’t  safe 
from  Anonymous 


THE  MAIN  website  of  the  Vatican  was  inaccessible 
Wednesday  after  what  appears  to  have  been  an  attack 
by  malicious  hackers  claiming  to  be  affiliated  with  the 
Anonymous  hacking  collective.  A  website  claiming 
to  be  the  official  blog  of  Anonymous  in  Italy  posted 
a  message  taking  credit  for  the  attack.  A  rough 
Google  translation  of  the  message  suggests  that  the 
site  was  taken  down  to  protest  church  doctrine 

and  the  molestation 
of  children  by  clergy 
members.  Separately, 
hackers  claiming  to 
belong  to  Anonymous 
also  defaced  Panda 
Security's  PandaLabs 
website  in  apparent 
response  to  the  arrests 
of  five  hackers  Tuesday 
in  the  U.K.  and  the  U.S. 
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As  businesses  continue  their  journey  to  the  cloud,  analysts  and  security  experts  agree 
that  risk  management  practices  must  change.  Trend  Micro  leads  the  way  in  protecting 
businesses  against  today's  sophisticated  cyber  attacks  by  providing  real-time,  actionable 
threat  intelligence  and  network-wide  visibility  and  control.  With  our  solutions  you  gain  the 
certainty  that  your  data  is  always  secure  across  all  envjronments-physical,  virtual  and  cloud. 


Securing  Your  Journey 
to  the  Cloud 


trendmicro.com/journey 


Scan  to  download 

I  DC  Analyst  Connection:  Server  Security, 
for  Today's  Datacenters 


SPECIAL  FOCUS 


Identity  management  in  the  cloud  emerges 
as  hot-button  issue  for  CIOs 


BY  CAROLYN  DUFFY MARSAN 

AS  SALLIE  Mae  migrates  some  of  its  most 
important  applications  to  the  cloud,  the 
nation’s  largest  provider  of  college  loans  is 
keeping  an  eye  on  compliance. 

Sallie  Mae  uses  identity  management  soft¬ 
ware  from  SailPoint  to  ensure  that  its  6,100 
employees  have  appropriate  levels  of  access 
to  data  and  applications  —  regardless  of 
whether  it’s  stored  in  the  cloud  or  at  one  of  its 
data  centers. 

“All  of  our  cloud-based  services  —  all  of 
that  access  is  controlled,”  says  Jerry  Archer, 
CSO  for  Sallie  Mae,  which  uses  hosted 
applications  such  as  Workday  for  human 
resources  functions.  “SailPoint  keeps  track  of 
roles,  access  and  other  workflow  processes.” 

Sallie  Mae  is  in  good  company.  A  growing 
number  of  organizations  including  CUNA 
Mutual  Group  and  the  American  Red  Cross 
have  upgraded  their  identity  and  access 
management  (IAM)  tools  to  bolster  their 
security  posture  as  they  adopt  cloud-based 
applications. 

Identity  management  in  the  cloud  has 
become  a  hot-button  issue  for  CIOs  over  the 
last  year,  says  Lina  Liberti,  vice  president  of 
security  management  at  the  security  busi¬ 
ness  unit  for  CA  Technologies. 

“Every  customer  I  talk  to  is  looking  at 
identity  management,”  Liberti  says.  “There 
are  a  lot  of  very  large  deals. ...  Companies  say 
they  have  something  that  they  built  that  they 
really  shouldn’t  be  managing  and  it’s  costing 
them  so  much  money.” 

By  purchasing  the  latest  IAM  tools  from 
such  vendors  as  SailPoint,  Courion,  IBM, 
CA,  Ping  Identity,  Aveksa  and  others, 
these  organizations  are  ensuring  that  their 
employees  and  business  partners  have 
appropriate  levels  of  access  to  corporate  data 
that’s  stored  by  popular  cloud-based  appli¬ 
cations  such  as  Salesforce,  Google  Apps  or 
Microsoft  Office  365. 

Today’s  IAM  tools  mitigate  risks  for  IT 
departments  by  allowing  them  to  comply 
with  federal  regulations  and  successfully 
pass  audits  of  cloud  and  network-based 
applications.  They  also  increase  efficiency  by 
eliminating  error-prone  manual  processes 
for  checking  access  to  applications.  Increas¬ 
ingly,  they  offer  automated  provisioning  and 
de-provisioning  of  cloud-based  applications, 
as  well  as  single  sign-on  across  network- 
based  and  hosted  applications. 

“Identity  access  management  is  a  market 


5  signs  that  you’ve 
lost  control  over 
your  cloud  apps 

End  users  start  sticking  Post-it 
notes  all  over  their  computers  listing 
user  names  and  passwords  for 
cloud-based  applications. 

Employees  leave  the  company, 

but  their  access  to  cloud-based 
applications  isn’t  removed,  resulting 
in  a  proliferation  of  so-called  “orphan 
accounts.”  ■ 

Managers  are  no  longer  approving 
data  access  for  new  employees. 

Nobody  is  monitoring  cloud- 
based  applications  to  make 
sure  access  is  current. 

You’re  losing  accounts  to  the 

new  employer  of  a  salesperson 
who  left  your  company. 


in  transition,”  says  Dave  Fowler,  COO  at  Cou¬ 
rion.  “Corporations  are  opening  up  more  and 
more  of  their  data  to  be  accessed  by  employ¬ 
ees,  business  partners,  customers  and  people 
outside  the  organization.  This  is  particularly 
true  in  financial  institutions,  healthcare  and 
retail.  But  in  conjunction  with  opening  up 
more  of  their  data  to  be  used  by  business 
partners,  they’re  facing  more  and  more  regu¬ 
lations  on  securing  this  information.” 

As  IT  departments  adopt  cloud-based 
applications  to  cut  their  operating  costs  and 
speed  up  the  availability  of  new  features, 
they’re  also  dealing  with  a  flood  of  personal 
mobile  devices  that  employees  are  using  to 
access  corporate  data  stored  in  the  cloud. 

“We  did  a  survey  of  1,000  organizations, 
and  69%  of  them  allowed  personal  mobile 
devices  to  access  their  network,”  Fowler  says. 
“They  don’t  have  security  over  the  devices 
used  to  access  data  in  the  cloud,  and  they 
are  typically  using  dozens  of  cloud-based 
applications.” 

Today’s  IAM  tools  help  IT  departments 
manage  the  conflicting  pressures  of  trying 
to  secure  data  that  is  stored  by  someone  else 
—  a  hosted  service  provider  —  and  accessed 
by  a  device  that’s  not  owned  or  controlled  by 


the  company.  IAM  tools  also  help  manage 
the  constant  churn  of  employees  being  hired 
and  fired  by  an  organization  and  its  business 
partners. 

“When  you  put  an  application  in  the  cloud, 
you  don’t  have  mechanisms  for  provisioning 
users  in  the  cloud  automatically,”  Fowler 
says.  “When  you  terminate  an  employee  or 
the  employee  changes  jobs,  somebody  has 
to  manually  go  into  these  cloud-based  appli¬ 
cations  and  take  them  out.  We’re  building 
connectors  to  applications  that  allow  you 
to  automate  onboarding  and  offboarding 
individuals.” 

The  latest  development  is  the  availability  of 
IAM  as  a  hosted  service  from  such  companies 
as  Courion  and  Lighthouse  Security  Group. 
Only  a  handful  of  pioneering  organizations, 
such  as  Cintas  Corp.  and  Molson  Coors  Brew¬ 
ing  Co.,  have  chosen  a  hosted  IAM  service. 
For  example,  Cintas  is  going  into  production 
mode  with  the  hosted  CourionLive  service  for 
30,000  users  in  March. 

Sallie  Mae,  however,  isn’t  ready  to  put  its 
identity  management  system  into  the  cloud. 

“We’re  not  at  the  point  where  we’re  putting 
Active  Directory  into  the  cloud.  We’re  main¬ 
taining  our  own  Active  Directory  for  employ¬ 
ees  and  customer  identity,”  Archer  says.  “If 
you  move  everything  into  the  cloud,  with  all 
identities  maintained  in  the  cloud,  you’ve  put 
your  crown  jewels  in  the  cloud  now  and  you 
really  need  to  begin  worrying  about  a  whole 
different  set  of  problems  in  terms  of  protect¬ 
ing  your  crown  jewels.  If  hackers  get  to  that, 
they  have  everything.” 

Instead,  Sallie  Mae  is  sticking  with  its 
network-based  version  of  SailPoint,  which  it 
has  used  for  two  years.  Before  that,  the  com¬ 
pany  used  Excel  spreadsheets  and  a  manu¬ 
ally  intensive  process  to  conduct  quarterly 
reviews  of  employees’  access  to  information 
systems. 

“We  would  on  a  quarterly  basis  pull  all  the 
access  logs  from  the  systems  and  distribute 
them  to  the  managers  to  approve,”  Archer 
says.  “With  SailPoint,  we’ve  implemented 
role-based  access  control.  ...  No  longer  do 
managers  have  to  look  at  spreadsheets  and 
individual  access.” 

Archer  says  Sallie  Mae  has  reduced  the 
amount  of  resources  related  to  compliance 
by  40%  in  the  last  two  years,  thanks  to  tools 
like  SailPoint. 

“All  of  this  work  was  very  manual  with 
spreadsheets,”  he  says.  “We’ve  fundamen¬ 
tally  changed  everything.”  ■ 
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TREND  ANALYSIS 


Can  big  data  nab  network  invaders? 

Big  data  brings  big  hopes  about  catching  stealthy  intruders  going  after  sensitive  data 


BYELLENMESSMER 

THE  BUZZ  in  security  circles  about  “big 
data”  goes  something  like  this:  If  the  enter¬ 
prise  could  only  unite  its  security-related 
event  data  with  a  warehouse  of 
business  information,  it  could 
analyze  this  big  data  to  catch 
intruders  trying  to  steal  sensi¬ 
tive  information. 

This  is  the  security  angle  to 
the  big  data  hopes  that  are  ris¬ 
ing  along  with  the  popularity  of 
vast  big  data  repositories,  often 
based  on  the  open-source  scal¬ 
able  software  Hadoop,  being 
adopted  in  enterprises.  This  is 
leading  to  anticipation  a  new 
type  of  “data  scientist”  job  will 
emerge  in  IT  around  Hadoop. 

Among  security  professionals 
and  analysts,  there’s  now  talk 
that  big  data  will  also  lead  to 
security-focused  data  scien¬ 
tists  who  will  have  the  tools 
and  knowledge  to  pinpoint 
attacks  by  stealthy  intruders. 

Catching  cyberthieves  in  the 
act  across  sprawling  networks  has  proven 
hard  to  do,  and  big  data  is  offering  new  hope. 
But  is  it  warranted? 

Scott  Crawford,  analyst  with  consultancy 
Enterprise  Management  Associates,  thinks 
so.  “Statistical  analysts  will  identify  anoma¬ 
lies  but  not  understand  the  security,”  he  com¬ 
mented  during  an  analysts  panel  at  the  recent 
RSA  Conference  in  San  Francisco  on  the  topic 
of  Big  Data  and  how  it  can  help  security. 

Crawford  predicted  eventually  there  will 
emerge  “a  market  for  security  algorithms” 
for  big  data.  He  noted  that  firms  such  as  Red 
Lambda  and  Palantir  are  tackling  this  today 
in  math-heavy  analysis  aimed  at  spotting 
anomalies. 

The  “bad”  attacker  intent  on  hiding  is  an 
anomaly  to  the  generally  “good”  behavior  of 
network  users  inside  the  network,  behind 
which  the  attacker  often  hides,  according  to 
some.  Today,  stealthy  attackers  are  getting 
past  traditional  defenses,  such  as  intrusion- 
prevention  systems,  firewalls  and  antivirus, 
pointed  out  Gartner  analyst  Neil  MacDonald, 
who  spoke  about  this  during  the  RSA  panel. 

These  devastating  attacks  to  infiltrate  and 
steal  highly  sensitive  data,  sometimes  called 
advanced  persistent  threats  (APT),  are  driven 
by  human  actors  able  to  effectively  hide  their 


malevolent  presence  within  networks.  Today, 
says  MacDonald,  we  just  don’t  know  what 
“goodness”  and  “badness”  looks  like  in  terms 
of  network  activity.  “You  have  to  know  what 
goodness  looks  like”  to  understand  “devia¬ 
tions  from  goodness,”  he 
points  out. 

Big  data  is  offering  new 
possibilities  for  security 
analysis,  which  could  mean 
that  one  type  of  security  tool 
used  today,  security  informa¬ 
tion  and  event  management 
(SIEM),  and  tools  like  it  that 
may  not  properly  adhere  to 
that  genre,  will  have  to  evolve, 
analysts  contend. 

To  some  extent  that  has 
started  already,  says  MacDon¬ 
ald,  pointing  to  RSA’s  threat- 
detection  product  NetWitness 
and  the  HP  ArcSight  SIEM, 
among  others.  Some  startups, 
including  CrowdStrike,  are 
claiming  they  will  tackle  the 
APT  problem  in  new  ways. 

But  will  SIEM  evolve  to 
be  able  to  process  business- 
related  big  data  or  not?  And  is  the  whole  idea 
that  business  data  be  added  into  more  tradi¬ 
tional  SIEM  data  from  a  variety  of  firewalls, 
servers,  IPSs  and  the  like  to  provide  meaning¬ 
ful  intelligence  on  an  attacker  simply  a  pleas¬ 
ant  illusion? 

“People  can’t  get  the  answers  they  want 
from  SIEM  tools,”  said  Forrester  analyst  John 
Kindervag.  He  said  something  new  is  going 
to  have  to  happen,  in  which  SIEM  tools  might 
be  a  part. 

Of  all  the  analysts  on  the  RSA  panel,  Jon 
Oltsik  with  Enterprise  Strategy  Group, 
appeared  the  most  skeptical  that  big  data  is 
going  to  be  the  answer  to  the  APT  problem. 

“My  fear  is  we’ll  capture  more  data  and  not 
know  what  to  do  with  it,”  Oltsik  commented. 
He  said  chief  information  security  officers  in 
the  enterprise  today  aren’t  sold  on  the  idea 
that  big  data  is  going  to  be  a  boon  to  security. 
“When  I  talk  to  CISOs  and  ask  about  big  data, 
they  laugh,"  he  commented. 

Still,  some  early  adopters  of  big  data  secu¬ 
rity  approaches  are  hopeful. 

Zions  Bancorporation  has  set  up  a  massive 
repository  for  proactively  analyzing  a  com¬ 
bination  of  real-time  security  and  business 
data  in  order  to  identify  phishing  attacks, 
prevent  fraud  and  ward  off  hacker  intrusions. 


Announced  in  October  2011,  it’s  based  on  the 
Zettaset  Data  Warehouse,  which  makes  use 
of  Hadoop  for  data-intensive  distributed 
applications.  Preston  Wood,  chief  security 
officer  at  Zions,  has  described  it  as  a  way  to 
augment  a  SIEM  tool  and  look  at  massive 
amounts  of  historical  business  data  for  secu¬ 
rity  purposes. 

SIEM  vendors,  including  NetlQ,  say  they 
know  the  buzz  around  big  data  and  security 
is  just  beginning. 

“This  is  where  SIEM  has  to  go,”  said  Matt 
Ulery,  director  of  product  management  at 
NetlQ,  maker  of  the  SIEM  called  Sentinel. 
Ulery  said  the  industry  is  starting  on  a  path 
to  reinvent  SIEM  by  incorporating  business 
intelligence.  Big  data  could  detect  what’s  out 
of  a  normal  pattern,  says  Ulery,  noting  Senti¬ 
nel  7.0  does  incorporate  more  context  for  data. 

“But  how  do  you  define  the  good?”  Ulery 
asked,  pointing  out  an  attacker  “will  take 
over  an  account,  so  the  question  is,  is  that  the 
employee  or  the  attacker?”  He  said  stealthy 
attack  actions  may  only  pop  up  for  a  few 
seconds  at  most  every  day,  so  the  goal  is  to 
define  the  trusted  insider  from  the  attacker. 
Big  data  may  be  able  to  provide  a  lot  of  assis¬ 
tance  in  that. 

But  Ulery  adds  that  there  appear  to  be  many 
practical  reasons  why  the  big  data  concept  for 
security  is  going  to  be  faced  with  obstacles. 

One  practical  obstacle  is  the  current  push 
to  put  enterprise  data  into  cloud  comput¬ 
ing,  which  is  making  it  harder  for  the  tradi¬ 
tional  SIEM  approach,  which  has  been  used 
on  premises  inside  the  enterprise  network. 
Another  obstacle  is  that  security  managers 
hopeful  about  big  data  will  be  in  the  position 
of  drawing  up  data-management  strategies 
and  recommendations  about  something 
that  remains  very  cutting-edge  today.  In  an 
era  where  other  corporate  issues,  such  as 
whether  to  adopt  “bring  your  own  device” 
for  mobile  devices,  are  already  a  big  topic 
with  management,  adding  big  data  could  be 
a  hard  sell.  ■ 


Tech  event  in  March 

IT  Roadmap  Chicago  focuses  on 
the  trends  and  technologies  that 
are  most  relevant  to  you.  At  IT 
Roadmap  you  will  learn  what  solutions 
are  best  for  your  organization. 

tinyurl.com/82g6mp9 


capture  more 
data  and  not 
know  what  to 
do  with  it.” 

JON  OLTSIK,  ENTERPRISE 
STRATEGY  GROUP  ANALYST 
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Only  pay  for  what  you  need. 

Change  your  server  specifications  anytime! 

■  Adaptable  with  up  to  6  CPU,  24  GB  of  RAM,  and  800  GB  hard  drive  space 

■  On-the-fly  resource  allocation  -  hourly  billing 
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Dedicated  resources  with  full  root  access 

Linux  or  Windows®  operating  systems  available  with 

Parallels®  Plesk  Panel  10.4 

Free  SSL  Certificate  included 

2,000  GB  Traffic 

24/7  Hotline  and  Support 

1&1  servers  are  housed  in  high-tech  data  centers  owned 
and  operated  by  1&1 


FREE! 

Base  Configuration,  then  $49/month 


NEW:  Monitor  and  manage 
servers  through  1&1  mobile 
apps  for  Android™ 
and  iPhone®.  * 
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“Hoarders,”  “Hoarding:  Buried  Alive,”  “Confessions:  Animal 
Hoarding”  and  on  and  on.  The  images  are  consistent: 

Piles  of  newspapers 
dating  back  to  the  Nixon  era. 
Feral  cats  skittering  behind  furniture. 

Boxes  stacked  to  the  ceilings. 
Empty  cans  of  cat  food, 
beans  and  soup 
scattered 
everywhere. 


DV  ICCCWAMrC 


COLLAGE: STEPHEN  SAUER 


Most  people  know  a  hoarder.  Maybe  it’s  an 
aunt.  Maybe  it’s  the  neighbor  with  a  sofa  on 
the  front  porch  and  motorcycle  parts  strewn 
across  the  lawn.  Or,  maybe  it’s  you.  Have  you 
taken  a  look  at  your  email  inbox  lately?  Last 
time  I  cleaned  out  mine,  it  had  sprawled  to 
more  than  1,500  messages  —  and  I  hadn’t 
neglected  my  inbox  for  all  that  long. 

According  to  The  Radicati  Group,  the  typi¬ 
cal  knowledge  worker  sends  and  receives  105 
emails  each  day.  Cribbing  from  Shakespeare, 
some  people  are  born  e-hoarders,  some  are 
made,  and  others  have  e-hoarding  thrust 
upon  them. 

Plenty  of  us  have  e-hoarding  thrust  upon 
us.  In  regulated  industries,  e-hoarding  is  more 
or  less  mandated.  Delete  the  wrong  email,  and 
you  could  get  your  firm  in  serious  trouble  — 
although  that  doesn’t  mean  you  have  to  store 
the  thing  in  your  inbox  indefinitely. 


Cheap  storage  is  a  key  enabler 


With  computers  sold  with  ever  bigger  hard 
drives,  e-hoarding  doesn’t  stress  storage  the 
way  it  would  have  in  the  past.  And  why  delete, 
when  it  may  well  be  cheaper  to  store?  The  cost 
of  storage  has  dropped  from  about  $9/GB  in 
2000  to  about  S.08/GB  today. 

If  you’re  a  well-paid  knowledge  worker,  the 
productivity  lost  while  purging  old  files  may 
well  cost  your  organization  more  than  the 
bloated  storage  costs.  That  is,  until  it  comes 
time  to  find  something.  Powerful  search 
engines  like  Google  create  the  illusion  that 
information  is  always  at  our  fingertips. 

Enterprise  search,  though,  falls  way  short 
of  what  we’re  used  to  with  Google.  Desktop 
search  is  nearly  as  bad,  and  email  search  is  like 
banging  flint  together  to  make  a  fire  instead  of 
using  a  lighter.  It’s  downright  primitive. 

Elliot  Soloway,  a  professor  in  the  College  of 
Engineering  at  the  University  of  Michigan, 
is  a  self-confessed  e-hoarder.  Soloway  is  con¬ 
stantly  writing  articles  for  publications,  ideas 
for  his  classes  and  entries  for  his  blog.  He 
saves  everything.  “You  never  know 
when  you  might  want  to 
reuse  a  paragraph  or 
rescue  a  nice  turn  of 
phrase  you  never 
ended  up  using.” 

Anything  filed 
in  the  last  week 
or  10  days,  Solo¬ 
way  could  find. 
Beyond  that, 
finding  poorly 
filed  informa¬ 
tion  would  often 
take  longer  than 


re-creating  it  from  scratch.  Soloway  eventu¬ 
ally  tamed  his  e-hoard  with  XI  Technology’s 
desktop  search  software.  XI  quickly  finds 
information  buried  in  emails,  documents  and 
presentations  (and  its  most  recent  version  will 
search  social  media  sites  and  webmail,  and 
even  search  a  remote  PC  from  a  smartphone). 

Now,  Soloway  says  he  doesn’t  need  to  worry 
about  e-hoarding.  Anything  he  saves  is  acces¬ 
sible.  “In  fact,  I  save  more  mini-files.  I  create 
many  small  documents  with  bits  and  pieces 
intended  for  larger  projects.  I  write  differently 
because  I  don’t  worry  about  information  get¬ 
ting  lost  as  soon  as  I  close  the  document.” 

Universities  thrive  on  unfettered  access  to 
reams  of  information,  but  most  enterprises 
can’t  play  as  fast  and  loose  with  data  sprawl. 

The  real  cost  of  data  sprawl 

While  the  cost  of  storing  data  has  dropped 
significantly,  ancillary  costs  haven’t,  includ¬ 
ing  data  management  costs  and  even  costs 
associated  with  adding  space  in  data  centers 
and  paying  for  escalating  HVAC  bills. 

Retrieval  is  another  problem,  since  even  the 
best  search  tool  won’t  necessarily  find  data 
buried  in  an  arcane  application.  Take  Share- 
Point,  for  instance.  As  more  people  within 
an  organization  collaborate  through  it,  the 
number  of  documents  within  SharePoint  can 
spiral  out  of  control. 

“When  that  happens,  when  SharePoint 
becomes  a  de  facto  Enterprise  Content  Man¬ 
agement  system,  the  performance  degrades. 
Potentially,  people  will  stop  using  it,”  says 
Kelley  Lynn  Kassa,  director  of  marketing 
communications  for  Datawatch,  a  provider  of 
data  mining  solutions.  “To  paraphrase  Yogi 
Berra,  ‘No  one  will  go  there  anymore;  it  will 
be  too  crowded.’” 

Gartner  predicts  that  enterprise  data  in  all 
forms  will  grow  650%  in  the  next  five  years. 
In  a  survey  conducted  for  Oracle,  Unisphere 
Research  found  that  in  many  organizations 
stored  data  is  reaching  or  has  already  crossed 
the  petabyte  threshold. 

According  to  IDC,  the  world’s  information 
now  doubles  about  every  year  and  a  half.  By 
the  end  of  2011,  IDC  estimates  that  we  will  cre¬ 
ate  and  replicate  1.8  zettabytes  (or  1.8  trillion 
gigabytes)  of  information,  enough  data  to  fill 
57.5  billion  32GB  Apple  iPads. 

Buried  alive  by  documents 
...and  legal  fees 

According  to  Jeff  Fehrman,  VP  of  forensics 
and  consulting  at  Integreon,  a  provider  of  legal 
and  research  solutions,  e-hoarding  becomes 
even  more  serious  when  your  organization 
faces  a  lawsuit.  “During  the  discovery  phase, 
if  you  don’t  have  your  data  properly  classified 
and  legal  teams  are  handling  a  bunch  of  infor¬ 
mation  that  is  not  relevant  to  the  case,  you  can 
spend  millions  on  e-discovery,”  he  says. 

Fehrman  advocates  having  not  just  data 
retention  policies,  which  many  organizations 
already  have,  but  also  data  disposal  policies. 


Besides  legal  troubles,  e-hoarding  is  also 
creating  huge  problems  for  IT  and  even  execu¬ 
tives,  problems  that  go  well  beyond  the  costs 
associated  with  storing  and  later  finding  all  of 
that  information.  According  to  IBM,  the  result 
of  exponential  data  growth  is  that  most  orga¬ 
nizations  operate  with  serious  blind  spots. 

IBM  found  that  1  in  3  business  leaders  fre¬ 
quently  make  decisions  based  on  information 
they  either  don’t  have  or  don’t  really  trust. 
Shockingly,  1  in  2  business  leaders  admit  that 
they  don’t  have  working  access  to  the  informa¬ 
tion  they  need  to  do  their  jobs. 

Business  leaders  and  knowledge  workers 
usually  know  they  have  the  data  they  need 
somewhere,  but  they  can’t  put  their  finger 
on  it.  They  don’t  know  how  to  find  it,  and  if 
they  do  find  it,  they’re  not  sure  how  current 
or  accurate  it  is. 

“The  problem  as  I  see  it  is  the  explosion  of 
unstructured  data,  or  data  that  is  not  stored 
in  a  relational  database,”  says  Chris  Davidson, 
VP  and  manager  of  open  systems  administra¬ 
tion  for  Trustmark  National  Bank. 

As  data  grows,  the  chore  of  backing  up  criti¬ 
cal  data  becomes  more  costly  and  complex. 
Before  Davidson  modernized  it,  Trustmark’s 
backup  and  recovery  strategy  was  a  decentral¬ 
ized,  inefficient  and  largely  manual  process. 
The  bank’s  backup  solution  —  IBM  Tivoli  Stor¬ 
age  Manager  (TSM)  —  didn’t  have  an  intuitive 
reporting  mechanism,  so  the  bank’s  backup 
administrators  would  take  the  raw  data  pro¬ 
duced  by  TSM  and  manually  keep  track  of  the 
organization’s  hundreds  of  systems  and  their 
backup  status  on  spreadsheets. 

With  only  a  handful  of  servers,  this 
approach  was  manageable,  but  as  Trustmark 
grew,  IT  administrators  started  spending  as 
much  as  40  hours  per  month  on  reporting. 

Davidson  eventually  deployed  an  auto¬ 
mated  backup  manager  from  Aptare.  David¬ 
son  estimates  that  by  automating  the  backup 
and  reporting  process,  Trustmark  is  now  sav¬ 
ing  $18,00  per  year  in  recovered  productivity, 
$60,000  per  year  in  hardware  costs  (through 
a  more  efficient  backup  architecture)  and 
$1,500  per  year  in  streamlined  auditing. 

Of  course,  automated  backup  isn’t  the  only 
solution  most  organizations  will  need  to  tame 
their  data  problem.  A  range  of  technologies 
can  help,  including  the  obvious  ones,  such  as 
data  mining,  e-discovery  and  data  governance 
tools,  and  less  obvious  ones,  such  as  data  loss 
prevention  tools. 

In  fact,  DLP  tools  may  be  a  great  place  to 
start.  As  DLP  tools  classify  important  data 
that  the  enterprise  most  protect  from  leakage 
and  IP  theft,  anything  that  falls  outside  of  that 
“protected”  classification  is  a  good  candidate 
for  deletion.  ■ 

Based  in  Santa  Monica,  Calif.,  Jeff  Vance 
is  the  founder  of  Sandstorm  Media,  a 
copywriting  and  content  marketing  firm.  He 
can  be  reached  at  jeff  @sandstormmedia.net 
or  http://twitter.com/JWVance. 
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CENTER  IS  HERE 


In  order  to  effectively  deliver  today’s  high-bandwidth  applications  to  the  edges 
of  the  network,  you  have  to  reduce  the  complexity  of  the  network  itself. 
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Brocade.  The  leader  in  cloud-optimized  networking. 

Brocade  fabrics  dramatically  increase  automation  and  provide  the  same 
reliability  and  scalability  you’d  expect  to  find  in  a  data  center  even  at  the 
very  edges  of  the  network.  Ethernet  fabrics  create  the  simplified,  resilient 
network  foundations  that  the  cloud  requires.  Cloud-optimized  networking 
is  not  simple,  but  it  doesn’t  have  to  be  complicated.  Discover  why  two-thirds 
of  the  world’s  Internet  exchanges  rely  on  Brocade,  and  how  you  can  get  a 
network  that  works  the  way  you  always  dreamed  it  could. 


Find  out  what  Brocade  customers  already  know. 
Learn  more  at  brocade.com/everywhere 
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Yet  more  DSL  woes 


or  the  last  few  weeks  I’ve  been 
wrestling  with  my  new  AT&T  U-Verse 
DSL  service  outlined  my  travails  here 
in  Gearhead  after  which  you  might  have 
assumed  all  would  be  well,  that  AT&T 
would  have  pulled  out  all  the  stops  and 
sorted  out  my  issues.  Alas,  this  week  I’m 
no  happier  and,  apparently,  neither  are  many  of  you. 


Pr 

Mark  Gibbs’ Gearhead 


So,  where  am  I  today  with  my  DSL?  I’m 
not  sure.  Last  week  they  declared  my  line 
was  good  for  6Mbps,  then  they  decided  it 
wasn’t  and  dropped  it  to  3Mbps.  Not  content 
to  rest  on  their  laurels,  yesterday  they 
changed  their  minds  once  again  and  decided 
it  would  work  at  6Mbps.  They  have  also 
swapped  which  pair  to  the  central  office  I’m 
using,  changed  my  in-house  wiring,  theo¬ 
rized  that  “line  taps”  were  the  problem  and,  I 
presume,  removed  them  and  —  sigh—  we’re 
still  not  in  a  happy  place. 

I  just  checked  my  connection  using  speed- 
test.net  and  discovered  that  my  speed  down 
is  a  pathetic  0.57Mbps  and  my 
speed  up  is  —  be  still  my  beat¬ 
ing  heart  —  0.04Mbps. 

And  then  there’s  Wi-Fi.  For 
no  obvious  reason,  the  Wi-Fi 
access  point  in  the  DSL  modem 
(a  Motorola  NVG510)  started 
to  refuse  connections,  which 
only  a  restart  of  the  Wi-Fi 
service  could  fix.  Yesterday  the 
techs  replaced  the  modem  and 
yesterday  afternoon  the  same 
thing  happened  again! 

Over  this  same  period  the 
average  latency  to  various  sites  I’m  monitor¬ 
ing  with  PingPlotter  have  increased  by  20  to 
30  times  over  what  I  was  seeing  three  days 
ago!  For  example,  I’m  seeing  a  ping  time 
for  att.com  of  over  1,000ms  instead  of  the 


45ms  it  used  to  be  (which  wasn’t  particularly 
great  anyway). 

Anyway,  a  positive  flood  of  ISP  horror 
stories  has  been  pouring  in.  Reader  Ben 
Myers  wrote,  “I  read  your  DSL  column  in  the 
latest  Network  World,  and  I  marvel  at  the 
complete  ineptitude  of  AT&T  in  managing 
your  DSL  connection.  I  provide  support  for 
a  lot  of  Verizon  DSL  customers  around  here, 
both  business  and  consumer,  and  Verizon 
seems  to  have  gotten  it  right  with  DSL.  Have 
you  ever  considered  changing  ISPs?  Is  it 
possible  in  the  remote  wilds  of  Ventura,  CA? 
Does  anybody  offer  cable  Internet?” 


Yes,  I  have  considered  switching  ISPs 
but  what  choices  do  I  have?  Only  AT&T 
offers  DSL  service  in  this  area.  Satellite? 
It’s  too  expensive  and  the  latency  is  brutal 
. . .  that  would  be  a  desperation  choice. 


Cable?  While  it  seems  to  be  somewhat  more 
reliable  than  DSL,  I’ve  heard  many  horror 
stories  of  how  over- subscribed  cable  service 
can  be  with,  for  instance,  significant  slow¬ 
downs  when  the  neighborhood  children  get 
back  from  school.  Even  so,  maybe  I  should 
try  it. 

Luckily,  I  don’t  have  a  contract  with 
AT&T  (so  there’s  no  early  termination  fee) 
so  I  could  try  out  my  local  Time  Warner 
cable  service  (Charter  is  the  cable  provider 
at  the  other  end  of  town . . .  yep,  that’s 
competition  for  you).  I  could  have  a  10Mbps 
down,  1Mbps  up  service  for  $30  per  month, 
which  compares  favorably  to  AT&T’s 
U-verse  “Elite”  service  that  provides  6Mbps 
down  and  0.5Mbps  up  and  costs 
$25  per  month.  I  must  poll  my  neighbors  to 
see  what  they’re  using  and  if  they 
are  happy. 

Keep  writing  in  with  your  tales  of  how 
your  ISP  has  made  your  life  more  interest¬ 
ing  and  your  thoughts  on  DSL  vs.  cable.  As 
for  my  existing  service . . .  I’m  praying  it  will 
get  fixed  before  the  next  Gearhead.  ■ 


Gibbs  is  on  his  digital  knees  in  Ventura, 
Calif.  Send  your  tales  of  tech  torment  to 
gearhead@gibbs.com  and  follow  him  on 
Twitter  (@quistuipater)  and  on  Facebook 
(quistuipater). 


Yes,  I  have  considered  switching  ISPs  but 
what  choices  do  I  have?  Only  AT&T  offers 
DSL  service  in  this  area.  Satellite?  It’s  too 
expensive  and  the  latency  is  brutal . . . 

that  would  be  a  desperation  choice. 

.  ’  ’’  ‘  • '  *  '  ‘  •  .  -.4 


20  MARCH  12,  2012  www.networkworld.com 


H/  >>' 


CYBER  THREATS. 
MOBILTY.  CLOUD 
SOCIAL  MEDIA. 


INTRODUCING  MORE 
THAN  JUST  A  UTTLE  RISK 
TO  YOUR  BUSINESS? 


HP  Enterprise  Security  has  what  you 
need  to  secure  your  applications, 
information  and  operations.  Backed 
by  our  unparalleled  security  research 
team,  we  can  help  you  protect  your 
enterprise  and  identify  risks  before 
you  even  know  they  exist.  J 


For  more  information  go  to 
www.hpenterprisesecurity.com. 


Copyright  s  2011  Hewlett-Packard  Development  Company,  L.P. 
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Smile  while  you  ditch  the  PC  for 
your  scanning  needs 


Keith  Shaw’s 
Cool  Tools 


THE 

SCOOP 


Xerox  Mobile 
Scanner 

by  Xerox,  about  $250 


►  What  it  is:  This  portable  scanner 
is  the  updated  model  of  the  Visioneer 
Cordless  Color  Scanner,  which  I 
reviewed  last  year  (Xerox  licenses  the 
Visioneer  technology  for  this  product). 

The  battery-operated  scanner  lets  you 
scan  photos  and  documents  (JPEG  for 
photos,  PDF  for  color  or  black-and-white 
documents)  quickly  and  easily  without  the 
need  to  be  connected  to  a  computer—  images 
can  be  stored  directly  to  a  USB  thumb  drive 
(or  external  USB  hard  drive)  or  an  inserted 
SD  memory  card.  The  system  comes 
bundled  with  a  4GB  Eye-Fi  card,  giving 
the  scanner  Wi-Fi  connectivity. 

Other  features  include  a  carrying 
case,  bundled  software  and  a  recharg¬ 
ing/data  USB  cable  (as  well  as  wall 
adapter)  to  recharge  the  unit’s  battery. 

►  Why  it’s  cool:  The  Wi-Fi  connec¬ 
tivity  via  the  Eye-Fi  card  means  you 

can  scan  things  directly  to  the  cloud,  via  the 
Eye-Fi  website.  From  there,  you  can  share 
images  to  social  sites  such  as  Facebook, 
Flickr,  Picasa,  etc.  (although  it’s  pretty  easy 
to  just  copy  photos  and  documents  over 
from  the  SD  card,  but  some  people  like  hav¬ 
ing  one  less  step  to  manage). 

Like  the  Visioneer  scanner  I  tested  last 
year,  the  Xerox  Mobile  Scanner  doesn’t  need 
to  connect  to  a  PC  via  USB  in  order  to  scan  — 
for  users  who  have  lots  of  older  photos  that 
they’d  like  to  scan,  having  a  tethered  scanner 
seemed  an  unnecessary  complication.  With 
this  unit,  you  can  scan  a  shoe  box  full  of  old 
photos  in  minutes,  and  the  Wi-Fi  card  can 
upload  them  without  any  extra  effort  (I’d 
suggest  editing  them  later  before  sharing, 
however).  For  Facebook  users  looking  to 
bolster  their  new  Timeline,  for  example,  this 
is  a  great  way  to  quickly  add  those  images 
to  the  site  without  having  to  use  a  bulkier 
desktop  scanner. 

I  also  found  the  direct-to-PDF 


functionality 
handy.  I  was  able  to  feed 
all  of  my  tax  documents  quickly 
through  the  scanner  (if  you  feed  it  quickly 
enough  all  of  the  scans  end  up  in  one  PDF 
instead  of  multiple  files)  instead  of  individual 
scans  on  a  flatbed  scanner.  The  choice  of 
color  or  black-and-white  PDF  scanning  was 
appreciated  as  well,  and  switching  between 
scanning  options  (PDF  or  JPEG)  by  pushing  a 
single  button  was  quite  simple  to  do. 

Another  nice  touch  is  the  addition  of 
smartphone  apps  (DocToMe)  —  you  can 
scan  a  photo  with  the  unit  and  then  view 
the  image  on  an  iPhone,  iPad,  iPod  Touch 
or  Android  smartphone.  This  can  be  use¬ 
ful  if  you  need  to  view  PDF  documents 
quickly  and  easily  on  your  device  (Eye-Fi 
also  makes  a  card-viewing  iPhone  app  for 
photos,  but  not  PDFs). 

►  Some  caveats:  The  biggest  issue  I  had  Shaw  can  be  reached  at  kshaw@nww.com. 


was  with  the 
Eye-Fi  card;  configur¬ 
ing  it  to  connect  to  my 
home  Wi-Fi  network 
came  with  some  hassles, 
and  getting  the  card  to 
work  in  Direct  Mode  (in 
areas  where  you  didn’t 
have  Wi-Fi,  you  could  still, 
in  theory,  transfer  images 
and  documents  via  the 
smartphone  app)  was 
difficult.  Based  on  these 
issues,  it’s  possible  I  had  a 
defective  Eye-Fi  card. 

On  the  scanner  itself,  the  only  issue  I  can 
see  is  the  $250  price  tag;  if  Xerox  could  get 
that  down  to  $150  or  less,  this  would  make 
a  great  gift  for  non-techie  users;  otherwise, 
it’s  an  office  device  that  can  be  shared  with 
employees. 

►  Bottom  line:  Scanning  made  simple  for 
those  with  lots  of  old  photos  they’d  like  to 
digitize,  or  the  mobile  worker  who  wants 
to  reduce  paper  overload  (business  cards, 
receipts,  etc.). 

►  Grade  ★★★★-«  (out  of  five). 
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The  future  of  end-user  computing: 

Two  visions 


END-USER  COMPUTING  IS  UNDERGOING 

ITS  most  significant  transition  in  30 
years  as  focus  moves  from  technol¬ 
ogy  to  the  business  results  it  delivers. 
This  shift  is  driven  by  market  matu¬ 
rity  and  by  the  realization  that  current 
approaches  are  no  longer  sustainable. 
Add  the  explosion  in  expectations 
for  mobility,  collaboration  and  user- 
choice  and  we  see  IT  organizations 
today  caught  between  a  rock  and  a 
hard  place:  seeking  to  maintain  the 
function  of  what  they  have  now  and 
responding  to  new  demands. 

Over  the  next  decade,  IT  organi¬ 
zations  will  throw  off  the  shackles 
of  the  static  management  methods 
that  have  made  end-user  computing 
environments  so  costly  to  run  and 
difficult  to  adapt.  In  doing  so,  they  will  embrace  approaches  that 
change  the  relationship  between  business  results,  technology 
assets  and  how  users  work: 

■  Ownership  of  applications  and  devices  will  become  increas¬ 
ingly  optional  for  organizations  and  users. 

■  Technology  diversity  will  become  the  norm,  not  an  exception. 

■  Operational  cost  and  complexity  will  fall  sharply. 

■  The  focus  of  management  will  shift  from  platforms  to 
applications. 

These  changes  will  not  only  occur  through  the 
supply  of  new  capabilities,  but  also  because  our 
businesses  and  economies  require  it.  Thanks  to 
the  rapid  emergence  of  cloud-based  approaches, 
most  organizations  already  expect  this.  They  also 
expect  the  transition  to  be  a  journey,  completed  in 
multiple  steps. 

Some  facets  of  end-user  computing  today  are 
simply  no  longer  sustainable: 

■  Asset-level  processes:  Configuring,  maintain¬ 
ing  and  securing  each  device,  platform  or 
application  through  a  separate  process  is  a  non- 
scalable  approach  when  diversity  in  all  three  is 
increasing  —  it  creates  barriers  to  adoption  of 
assets  and  drives  a  “one-size-fits-all"  mentality. 

■  High  operational  costs:  End-user  computing 
is  one  of  the  highest  cost  areas  in  IT,  with  most 
expense  driven  by  operational  overhead. 

■  Zero  marginal  benefits:  Most  investment  in 

►  Sec  yHivnare,  page  24 


THE  FUTURE  OF  END-USER  COMPUTING 

is  here  today ...  and  it’s  in  your  pocket. 
And  your  house,  your  office  and  your 
favorite  seat  on  the  8  a.m.  train.  It’s 
wherever  you  are. 

The  future  of  end-user  computing 
begins  and  ends  with  you.  There  is 
little  debate  that  mobile  work  styles 
powered  by  the  cloud  are  rapidly 
becoming  the  new  normal  for  com¬ 
puting.  This  does  not  mean  the  per¬ 
sonal  computer  is  going  away  —  it 
simply  means  that  it  is  becoming  part 
of  something  much  bigger.  Some¬ 
thing  that  parallels  the  transforma¬ 
tion  the  PC  itself  ushered  in  some  30 
years  ago.  At  Citrix,  we  believe  a  new 
“PC”  is  taking  center  stage  —  the  “Per¬ 
sonal  Cloud.” 

The  personal  cloud  represents  a 
new  way  of  interacting  with  infor¬ 
mation  that  is  free  from  the  limitations  of  traditional  PC-centric 
computing.  It  provides  secure,  instant  access  to  the  apps,  data  and 
people  necessary  to  get  work  done  from  any  device,  anywhere.  It 
means  that  we  don’t  have  to  leave  our  child’s  soccer  game  and  drive 
to  the  office  to  get  meaningful  work  done.  It  means  we  can  collabo¬ 
rate  with  teams  of  engineers  across  multiple  sites  and  see,  speak 
and  engage  with  one  another  in  high-definition. 
It  also  means  that  we  can  create,  review  and  edit 
documents,  then  share,  synch  and  secure  those 
files  on  any  device. 

IT,  however,  is  struggling  to  reconcile  the  con¬ 
flicting  priorities  of  maintaining  control  through 
standardization  versus  enabling  users  with  the 
freedom  that  consumerization  offers.  Today’s  sys¬ 
tems,  designed  and  built  for  the  PC  era,  are  based 
on  the  assumption  that  most  people  work  in  an 
office  using  a  corporate-issued  PC  that  is  primar¬ 
ily  attached  to  a  wired  network.  Most  of  the  current 
systems  and  policies  are  built  on  this  assumption, 
making  exceptions  like  mobile  users  and  personal 
devices  difficult  to  manage.  In  the  cloud  era,  a  new 
IT  is  emerging.  Instead  of  treating  mobile  work 
styles  as  an  exception,  successful  IT  leaders  will 
design  systems  and  policies  assuming  that  every¬ 
one  is  mobile,  using  multiple  personal  devices  con¬ 
necting  over  wireless  networks. 

►  See  Citrix,  page  24 
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►  VMware,  from  page  23 

end-user  computing  is  consumed  in  updating  hardware  and 
operating  systems  —  by  the  need  to  replace  end-of-life  assets, 
rather  than  embracing  new  capabilities  that  deliver  produc¬ 
tivity  or  revenue  benefits.  The  money  is  spent  to  stand  still,  not 
to  move  forward,  so  end-user  computing  is  seen  as  a  “cost  of 
doing  business.” 

All  these  facets  are  driven  by  how  we  manage  end-user  com-' 
puting  today.  Only  by  standardizing  management  processes  and 
tools  can  we  contain  operational  costs  and  maintain  acceptable 
levels  of  security. 

Today  we  standardize  the  assets  deployed.  This  drives  a  one-size- 
fits-all  approach  to  how  users  are  equipped,  which  in  turn  leads  to 
inertia  and  high  costs  of  change.  Implicitly  it  drives  a  desire  IT’s 
behalf  to  resist  change  —  otherwise  cost  and  complexity  will  rise. 

In  the  future,  processes  and  tools  must  be  standardized  across 
more  diverse  assets  so  applications  of  different  types  can  be 
accessed  and  managed  in  the  same  way,  irrespective  of  the  type  of 
device.  This  will  break  the  inertia  of  “configuration  standardiza¬ 
tion”  and  allow  us  to  accommodate  change,  rather  than  resist  it. 
Achieving  this  critical  goal  requires  that,  instead  of  managing  the 
devices  used  and  the  resources  accessed,  we  manage  from  the  point 
at  which  resources  are  accessed. 

In  VMware’s  vision  for  end- 
user  computing,  this  central 
point  is  called  Horizon  —  a 
hub  to  which  users  connect 
and  through  which  access  to 
resources  is  managed.  One 
of  those  resources  might  be  a 
virtualized  desktop  delivered 
through  VMware  View,  where 
legacy  applications  can  be  run 
for  as  long  as  they’re  needed. 

The  legacy  applications 
accessed  through  such  a  virtu¬ 
alized  environment  would  still 
come  at  some  cost  of  complexity, 
but  less  than  in  today’s  tightly 
coupled  world  of  physical 
devices  and  operating  systems. 
New  applications  will  exploit  Web-based  or  SaaS-type  approaches 
and  be  connected  directly  to  the  hub  with  no  cost  of  integration.  As 
applications  are  replaced  and  upgraded,  they  will  move  from  the 
legacy  container  to  the  hub,  driving  reductions  in  operational  costs. 
This  approach  will  have  far  reaching  implications.  It  will: 

■  Enable  more  granular  control  and  audit. 

■  Expose  direct  associations  between  the  cost  of  resources  and  the 
results  they  deliver,  changing  perceptions  of  marginal  benefit. 

■  Significantly  reduce  the  costs  of  new  applications. 

■  Eliminate  traditional  barriers  to  non-owned  and  non-stan¬ 
dard  devices. 

■  Drive  dramatic  improvements  in  elasticity,  simplifying  the 
processes  of  business  change. 

In  the  long  run,  the  end-user  computing  focus  will  shift  from  the 
technology  being  used  to  the  results  delivered.  ■ 

VMware  is  the  leader  in  virtualization  and  cloud  infrastructure 
solutions  that  enable  businesses  to  thrive  in  the  cloud  era. 
Customers  rely  on  VMware  to  help  them  transform  the  way  they 
build,  deliver  and  consume  IT  resources  in  a  manner  that  is 
evolutionary  and  based  on  their  specific  needs. 


►  Citri x,  from  page  23 

They  will  assume  that  apps  will  increasingly  be  delivered  as 
cloud  services  —  whether  private  or  public  —  and  that  many  of 
those  apps  will  be  micro-apps  because  simpler  is  better,  faster 
and  cheaper.  And  they  will  optimize  for  self-service  apps,  deliv¬ 
ered  through  enterprise  app  stores,  where  every  worker’s  files  and 
apps  are  easy  to  access,  share  and 
secure  on  any  device. 

By  designing  and  building 
to  this  new  set  of  assumptions, 
something  amazing  happens  — 
when  employees  do  come  into 
a  physical  office,  sit  down  at  a 
company-owned  PC  and  connect 
to  a  corporate  network,  it  doesn’t 
cost  one  incremental  dollar  more.  Those  services  are  effectively 
free  because  IT  has  designed  everything  assuming  a  mobile  work 
style.  This  approach  also  means  that  IT  no  longer  has  to  place  bets 
on  which  devices,  platforms  or  app  types  are  going  to  win  —  in  the 
cloud  era,  “any-ness”  becomes  the  new  standard. 

At  Citrix,  we  see  the  future  of  end  user  computing  being  com¬ 
prised  of  three  “PCs.”  “Personal  clouds”  are  emerging  to  enable 
a  highly  productive,  mobile  work  style,  and  “private  clouds”  and 
“public  clouds”  are  converging  to  ensure  that  every  IT  service  will 
one  day  become  a  flexible,  powerful,  cloud-based  service. 

The  personal  cloud  is  where  the  user’s  collaboration  tools,  data 
and  applications  reside  and  are  accessible  across  any  device.  Key 
technology  components  of  the  personal  cloud  include: 

■A  universal  client  like  Citrix  Receiver  that  enables  true  device 
independence  and  a  high-definition  user  experience. 

■  Real-time  collaboration  with  high-definition  voice,  video  and 
document  sharing  as  provided  by  Citrix  GoToMeeting  and 
HDFaces. 

■  Sharing,  syncing  and  securing  of  files  on  any  device  from  a 
robust  service  like  Citrix  ShareFile. 

The  converged  private  and  public  clouds  must  contain  the  fol¬ 
lowing  technologies  to  deliver  on  the  promises  of  the  cloud  era: 

■  A  single  point  of  control  that  unifies  the  provisioning  and 
security  of  Windows,  Web,  SaaS  and  mobile  apps  through  an 
enterprise  storefront  like  Citrix  CloudGateway. 

■  Desktop  and  app  virtualization  technology  like  Citrix 
XenDesktop,  that  transforms  Windows  desktops  and  apps 
into  an  on-demand  service  available  to  any  user,  anywhere,  on 
any  device. 

■  A  bridge  to  public  clouds  that  transparently  enables  infinite 
data  center  capacity,  like  Citrix  CloudBridge. 

■  Cloud  orchestration  technology  such  as  Citrix  CloudStack 
and  CloudPortal,  that  enable  building  Amazon-style  clouds 
services  within  an  organization’s  data  center. 

Mobile  work  styles  are  here  today  and  here  to  stay.  Citrix  is 
already  delivering  on  the  concepts  discussed  above.  Underlying  all 
of  our  efforts  is  our  core  philosophy  of  optimizing  for  the  end-user 
experience.  During  our  23-year  history,  we  have  been  focused  on 
delivering  the  best  possible  user  experience,  and  we  will  continue 
to  lead  with  that  goal  in  the  post  PC/3  PC  era.  Oh,  and  you  don’t 
need  to  buy  bigger  pants.  The  future  of  end-user  computing  fits 
quite  nicely  in  the  pockets  you  have  today.  ■ 

Citrix  Systems  is  transforming  how  people,  businesses  and  IT 
work  and  collaborate  in  the  cloud  era. 

€)  Send  Debate  Suggestions  to  jdix@nww.com 
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ENTERPRISE-LEVEL  NETWORK  MANAGEMENT 


HP,  IBM,  CA  deliver  powerful  toolkits 

Each  software  suite  can  optimize  performance,  solve  problems  and  help  save  money 


BYBARRYNANCE _ 

A  network  that  measures  down¬ 
time  in  millions  of  dollars 
per  minute  (or  per  second!) 
needs  a  serious,  enterprise- 
level  network  management 
tool.  Nothing  less  will  do. 

The  ideal  network  management  platform 
accurately  discovers  devices,  computers 
and  applications  on  the  network,  works  on 
networks  of  any  size  and  uses  computing 
resources  frugally  (after  all,  it  performs  no 
data  processing  —  it’s  there  to  watch  over  the 
network). 

It  can  work  within  the  framework  of  a 
global  directory  (LDAP,  for  example).  It 
graphically  depicts  the  entire  network,  sub¬ 
sets  of  the  network  and  individual  devices.  It 
monitors  the  status  and  health  of  every  device 
or  computer  on  the  network.  It  can  glean 
its  data  from  a  variety  of  sources,  including 
agents,  probes,  SNMP-enabled  devices,  log 
files  and  Windows  performance  files. 

That’s  not  all.  It  needs  to  work  as  well  with 
IPv6  as  it  does  with  IPv4;  accept  and  use  com¬ 
plex  descriptions  of  thresholds;  and  can  send 
alert  notifications  via  email,  pager  or  text 
message  to  different  individuals  or  groups 
depending  on  the  nature  of  the  problem,  and 
it  can  escalate  these  notifications  when  the 
problem  persists. 

It  also  must  perform  root  cause  analysis  to 
identify  a  problem  device  or  computer  that’s 
causing  a  cascade  of  network  error  mes¬ 
sages.  It  can  correct  some  problems  auto¬ 
matically  by  restarting  a  process,  resetting 
a  port  or  running  a  script.  It  works  within 
virtual  environments  and  cloud-based 
environments.  It  integrates  with  help  desk 
software  and  with  other  monitoring  tools. 
It  produces  useful,  easy-to-understand  and 
timely  reports.  It’s  highly  scalable  and  reli¬ 
able.  And  the  ideal  network  management  is 
easy  to  use. 

We  invited  four  enterprise-level  network 
management  software  vendors  to  submit 
their  best  products  for  review  in  our  Ala¬ 
bama  lab.  IBM  sent  us  Tivoli  Netcool/OMNI- 
bus  and  Tivoli  Network  Manager  IP  Edition, 
CA  Technologies  sent  us  CA  eHealth  and  CA 
NetQoS  Reporter  Analyzer.  And  HP  sent  both 
the  Windows  and  Linux  versions  of  its  Auto¬ 
mated  Network  Management  Suite.  BMC 
initially  accepted  our  invitation,  but  then 
offered  us  “a  guided  tour  of  the  products  in 
our  environment”  instead  of  sending  us  a 
product  to  review. 

Picking  a  winner  among  these  three 


CLEAR 


network  managers  is  impossible.  Each  one 
is  a  sophisticated,  mature  and  highly  capable 
tool  for  achieving  maximum  network  avail¬ 
ability,  uptime  and  performance.  If  you  have 
a  serious  network,  any  one  of  these  three  net¬ 
work  managers  will  help  you  quickly  solve 
network  problems  and  will  save  your  organi¬ 
zation  megabucks. 

HP  Automated  Network 
Management  Suite:  Flawless, 
scalable,  modular 

HP’s  Automated  Network  Management 
Suite’s  high  points  are  its  modularity,  its  abil¬ 
ity  to  monitor  service  level  compliance  and  its 
automation  of  many  of  a  network  engineer’s 
daily  tasks  —  i.e.,  it’s  scalable,  it  helps  track 
actual  vs.  expected  performance  and  it  saves 
time.  As  we  tested,  we  didn’t  find  any  draw¬ 
backs  in  Automated  Network  Management 
Suite. 

Automated  Network  Management  Suite 
consists  of  Network  Node  Manager  (NNM) 
and  a  spate  of  components  and  Smart  Plug¬ 
ins  (SPI),  including  HP  Network  Automa¬ 
tion,  NNMi  Integration  Enablement,  NNM 
iSPI  Network  Engineering  Toolset,  NNM 
iSPI  Performance  for  Metrics,  NNM  iSPI 
Performance  for  Traffic  and  NNM  iSPI  Per¬ 
formance  for  Quality  Assurance,  NNM  iSPI 
Performance  for  Traffic,  NNM  iSPI  for  IP 
Telephony,  NNM  iSPI  for  IP  Multicast  and 
NNM  iSPI  for  Multiprotocol  Label  Switch¬ 
ing  (MPLS),  all  under  an  umbrella  of  network 
automation.  Network  Node  Manager  moni¬ 
tors  for  faults  and  network  availability,  while 
the  performance-related  plug-ins  gather  uti¬ 
lization  data  and  monitor  for  specific  devices, 
protocols  and  applications. 

Automated  Network  Management  Suite 
accurately  discovered  our  network  (noting  all 
our  network  devices,  servers  and  virtualized 
environments),  tracked  device  status,  pro¬ 
cessed  SNMP  alerts,  graphically  displayed 
our  network,  alerted  us  to  problems,  fixed 
problems  automatically,  gathered  statistics 
and  produced  useful  reports. 

HP  supplies  more  than  2,000  Man¬ 
agement  Information  Bases  (MIB)  with 


Automated  Network  Management  Suite. 
These  cover  a  wide  variety  of  network  equip¬ 
ment  from  over  50  major  hardware  vendors, 
equipment  that  includes  routers,  switches, 
bridges  and  repeaters. 

Automated  Network  Management  Suite 
captured  some  Layer  2  data,  but  for  the  most 
part  it  mapped  Layer  3  details.  Just  a  few 
of  the  myriad  details  were  utilization  and 
error  percentages,  total  packets  by  category 
and  by  protocol,  retransmits,  server  mem¬ 
ory  utilization  and  full-duplex  utilization 
percentage. 

Automated  Network  Management  Suite 
collected  network  health  data,  analyzed 
the  stored  device  status  and  event  data  and 
reported  results  in  useful  charts  and  graphs. 
The  system’s  root-cause  problem  analysis 
was  especially  helpful  in  zeroing  in  on  a 
specific  device  that  was  causing  an  outage 
or  performance  problem,  while  its  path- 
analysis  capability  was  similarly  helpful 
in  pinpointing  problems  and  performance 
degradations  involving  network  pathways 
and  linkages. 

Automated  Network  Management  Suite’s 
automatic  baseline  feature  set  alarm  thresh¬ 
olds  for  us  by  analyzing  collected  device  sta¬ 
tus  and  event  data,  thus  giving  it  the  ability 
to  more  realistically  detect  exceptions,  faults 
and  errors.  After  it  created  a  baseline  for  our 
network,  we  manually  added  a  few  thresh¬ 
olds  of  our  own.  Automated  Network  Man¬ 
agement  Suite  thereafter  generated  prompt 
and  highly  informational  alarms,  via  pager 
or  email,  to  notify  us  when  the  thresholds 
were  exceeded. 

Automated  Network  Management  Suite’s 
distributed  architecture  scales  well  to  handle 
larger  and  more  complex  network  environ¬ 
ments.  Automated  Network  Management 
Suite  even  monitored  itself  to  ensure  it’s 
running  normally.  It  paged  our  administra¬ 
tor  and  sends  email  alerts  if  the  self-monitor 
finds,  for  instance,  that  Network  Node  Man¬ 
ager,  or  its  server,  had  died.  Automated  Net¬ 
work  Management  Suite  can  initiate  correc¬ 
tive  actions,  such  as  restarting  a  background 
process  or  resetting  a  router  port. 

The  Web  browser-based  user  interface  is 
responsive,  thoughtfully  designed  and  highly 
configurable.  Automated  Network  Manage¬ 
ment  Suite  provides  a  central  console  for 
controlling  multiple  Network  Node  Manager 
instances.  This  central  console  consolidated 
event  management,  performance  monitor¬ 
ing  and  automated  alert  processing  in  the 
lab.  Our  network  administrator  used  its 
high-level  Visual  Basic  Script-like  language 


26  MARCH  12, 2012  www.networkworld.com 


Microsoft 


BUILT  FOR  TVM  FUTURE. 


READY  r  JW 


Microsoft  Private  Cloud  Solutions 

In  the  future,  your  datacenter  will  need  to  be  a  profit  center. 

Go  with  a  private  cloud  solution  that  doesn't  charge  per  VM. 
Learn  more  at  Microsoft.com/readynow 


Windows  Server 


^5^  Microsoft* 

System  Center 


CLEAR  ENTERPRISE-LEVEL  NETWORK  MANAGEMENT 

CHOICE 

TEST 

NETRESULTS  nimiiiitiiiiiinmiiiniiiiiiif  iiiiiiiiiiitiimiiiitiiiiiiiimmiiiiiiiiiiiiiiiiiiimmiiimimmii 


Product 

IBM  Tivoli  Netcool/OMNIbus 
and  Network  Manager  8.2 

CA  eHealth  and  NetQoS 
ReporterAnalyzer  6.2 

HP  Automated  Network 
Management  Suite  9.10 

Company 

IBM 

CA  Technologies 

HP 

Price 

Starts  at  $18,000 

Starts  at  $50,000 

Starts  at  $3,000 

Pros 

Handles  tens  of  millions  of 
events  per  day;  quickly  and 
accurately  distills  root  causes 

Supports  myriad  diverse  device  types; 
does  predictive  performance  analysis; 
offers  a  wealth  of  useful  reports 

Modularity,  ability  to  monitor 
service  level  compliance  and 
automation  of  many  daily  tasks 

Cons 

Browser-based  user  interface  was 
somewhat  cumbersome  and  not 
as  responsive  as  we’d  have  liked 

Higher  than  expected  consumption 
of  computing  resources 

None 

to  customize  the  Automated  Network  Man¬ 
agement  Suite’s  behavior  and  display.  The 
console  dashboard’s  network  health  indica¬ 
tors  were  helpful  and  informative. 

For  business-oriented  service-level  agree¬ 
ments  (SLA)  we  established.  Automated  Net¬ 
work  Management  Suite  tracked  our  transac¬ 
tions,  their  network  travel,  their  processing 
at  the  server  and  their  storage  in  a  database. 
Automated  Network  Management  Suite  gave 
us  availability  and  response  time  details,  and 
it  alerted  us  when  any  of  our  SLA  parameters 
were  exceeded. 

Automated  Network  Management  Suite 
runs  on  Windows  Server  2003,  Windows 
Server  2008,  Red  Hat  Enterprise  Linux  and 
Solaris. 

IBM  Tivoli  Netcool/OMNIbus:  Highly 
scalable,  excellent  problem-solving 
abilities,  highly  configurable  and 
integrates  well  with  other  systems 

Tivoli  Netcool/OMNIbus  consolidates 
network  status  and  health  data  from  mul¬ 
tiple  network  domains  and  subnets.  Netcool/ 
OMNIbus  supervises  and  manages  network 
events  across  a  network  of  virtually  any  size 
and  complexity.  Netcool/OMNIbus  gets 
much  of  its  data  from  Tivoli  Network  Man¬ 
ager  IP  Edition,  which  collects  and  stores 
data  from  network  Layers  2  and  3. 

Tivoli  Network  Manager’s  stored  network 
knowledge  includes  information  about  both 
physical  and  logical  network  connections. 
It  accurately  and  helpfully  recognized,  for 
instance,  VPN,  virtual  LAN,  asynchronous 
transfer  mode  (ATM),  frame  relay  and  MPLS 
connections  in  addition  to  our  physical,  port- 
to-port  device  connections. 

Together,  Netcool/OMNIbus  and  Network 
Manager  gave  us  a  clear  and  accurate  picture 
of  the  test  networks  we  asked  them  to  manage, 
no  matter  how  complex.  Through  Netcool/ 
OMNIbus  and  Network  Manager,  we  config¬ 
ured  quite  sophisticated  threshold  tests,  such 


as  “Emit  an  alert  if  the  San  Francisco  WAN 
link’s  utilization  exceeds  5%  on  Saturdays 
and  Sundays,  20%  after  8  p.m.  during  the 
week,  50%  during  weekdays  or  75%  at  10  a.m. 
and  2  p.m.  on  weekdays.” 

For  reliability’s  sake,  Netcool/OMNIbus 
and  Network  Manager  monitored  them¬ 
selves  and  restarted  automatically  when  we 
artificially  caused  a  monitoring/manage¬ 
ment  component  to  fail. 

Netcool/OMNIbus  and  Network  Manager 
support  current  and  evolving  standards, 
including  ITIL,  Cobit,  eTOM,  IPv4  and  IPv6, 
and  uses  FIPS  140-2  approved  cryptographic 
providers. 

To  our  delight,  Netcool/OMNIbus  and 
Network  Manager  worked  well  in  both  mixed 
and  pure  environments  when  we  confronted 
them  with  IPv4  and  IPv6  packets. 

We  also  noted  that  network-intensive  orga¬ 
nizations  that  use  an  operational  support  sys¬ 
tem  (OSS)  to  track  network  inventory,  the  pro¬ 
visioning  of  services  and  the  configuration  of 
network  components  will  appreciate  Network 
Manager’s  ability  to  integrate  with  an  OSS. 

Tivoli  Netcool/OMNIbus  and  Tivoli  Net¬ 
work  Manager  excelled  at  handling  millions 
and  even  tens  of  millions  of  events  per  day  in 
our  tests.  Moreover,  for  each  network  prob¬ 
lem  we  artificially  induced,  Netcool/OMNI¬ 
bus  and  Network  Manager  quickly  and 
accurately  sifted  through  and  analyzed  the 
events  to  distill  root  causes  for  us.  Netcool/ 
OMNIbus  and  Network  Manager  saved  us 
the  equivalent  of  hundreds  of  hours  of  net¬ 
work  troubleshooting  when  it  pinpointed  the 
actual  problem  devices  that  were  responsible 
for  a  cascade  of  network  error  messages.  Net¬ 
cool/OMNIbus  and  Network  Manager  even 
located  a  fault  we  caused  in  a  backup  data 
path.  If  the  primary  path  had  failed,  the  fault 
would’ve  kept  the  backup  path  from  taking 
over  for  the  primary  data  path. 

On  the  downside,  Netcool/OMNIbus’  and 
Network  Manager’s  browser-based  user 


interface,  Netcool/Webtop,  was  somewhat 
cumbersome  and  not  as  responsive  as  we’d 
have  liked.  Netcool/Webtop  is  a  Java  appli¬ 
cation  that  displays  dashboards  of  maps, 
charts,  tables  and  event  lists.  To  its  credit, 
when  we  logged  on  as  super-administrators, 
we  could  easily  configure  Netcool/Webtop  to 
show  just  those  dashboard  components  we 
wanted  to  see. 

However,  the  Netcool/Webtop  user  inter¬ 
face  was  a  bit  sluggish.  In  comparison,  we’ve 
seen  some  complex  Ajax-enabled  (i.e.,  JavaS¬ 
cript-based)  Web  browser  interfaces  that 
were  snappier  and  more  responsive.  IBM 
provides  additional  graphical  tools  in  the 
form  of  Netcool/Desktop,  a  native  Motif-  or 
Windows-based  client  that  presents  an  alter¬ 
native  view  of  network  activity.  Like  Netcool/ 
Webtop’s,  Netcool/Desktop’s  display  is  highly 
configurable. 

IBM  supplies  more  than  1,000  software- 
based  Netcool  Probes  with  Netcool/OMNI¬ 
bus  and  Network  Manager.  These  are  light¬ 
weight  agents  we  easily  deployed  across  the 
far  reaches  of  our  network. 

Netcool  Probes  stand  watch  over  a  wide 
variety  of  network  devices,  servers  and 
server  processes,  and  they  report  status  and 
health  information  to  a  central  console.  We 
also  noted  that  organizations  with  vertical- 
market  business  applications  can  painlessly 
create  Netcool  Probes  that  can  monitor  the 
running  of  the  business  application  to  alert 
an  administrator  when,  for  example,  the 
application  crashes  or  it  begins  consuming 
excessive  CPU  resources.  IBM  ships  more 
than  600  MIBs  with  Netcool/OMNIbus. 

Netcool/OMNIbus  works  hand-in-glove  to 
automatically  open  and  close  trouble  tickets 
in  help  desk  trouble-ticket-tracking  software 
such  as  Siebel,  Peregrine  and  of  course  Tivoli 
Service  Request  Manager. 

Netcool/OMNIbus  and  Network  Man¬ 
ager  run  on  Solaris,  HP-UX,  AIX,  Windows 
Server  2003,  Windows  Server  2008,  Red 
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Hat  Enterprise  Linux,  SLED,  SUSE  Linux 
Enterprise  Server  and  VMware  ESX  for  Red 
Hat  EL. 

CA  eHealth  and  NetQoS 
Reporter  Analyzer:  Powerful 
predictive  analysis,  excellent 
reporting  features 

EHealth’s  and  NetQoS  ReporterAnalyzer’s 
strong  suits  are  their  ability  to  handle  diverse 
device  types,  their  ability  to  do  predictive 
performance  analysis  and  the  wealth  of  use¬ 
ful  reports  they  offer.  If  eHealth  and  NetQoS 
ReporterAnalyzer  have  a  weakness,  it’s 
their  consumption  of  computing  resources. 
You  might  need  a  somewhat  faster  server, 
for  instance,  on  which  to  run  eHealth  and 
NetQoS  ReporterAnalyzer. 

EHealth  is  CA’s  enterprise-level  network 
monitoring  and  management  tool  for  find¬ 
ing  and  fixing  network  faults,  while  NetQoS 
ReporterAnalyzer  is  a  network  traffic  analy¬ 
sis  tool  that  reveals  how  a  particular  type  of 
traffic  or  a  specific  network  node  are  exceed¬ 
ing  thresholds. 

At  an  interval  we  could  configure,  eHealth 
polled  our  network  devices  to  collect  status 
and  health  data.  EHealth  then  used  a  patented 
set  of  highly  complex  algorithms  to  know 
which  part  of  the  network  was  failing  or  was 
likely  to  fail  soon.  This  predictive  analysis 
feature  is  a  godsend  for  organizations  that  can 
little  afford  network  downtime  and  that  want 
to  proactively  stay  ahead  of  potential  network 
problems. 

When  eHealth  detected  a  threshold  breach 
that  we  created,  it  sent  us  email  and  paged 
us.  If  we  ignored  the  initial  alerts,  it  escalated 
matters  by  emailing  and  paging  a  second  tier 
of  people.  Alerts  can  be  triggered  for  hard 
outages  such  as  loss  of  communication  with 
a  device  or  when,  for  example,  a  WAN  link 
exceeds  a  threshold  because  network  utiliza¬ 
tion  is  higher  than,  say,  75%. 

We  could  express  quite  complex  thresh¬ 
olds  with  eHealth,  which  used  CA’s  Time- 
Over-Threshold  (TOT)  or  Deviation-From- 
Normal  (DFN)  algorithms  to  keep  false 
alarms  to  a  minimum.  We  could  specify  that 
we  wanted  to  be  alerted  if  network  utilization 
exceeded  a  threshold  even  once,  or  we  could 
specify  that  we  wanted  to  be  alerted  only  if 
high  network  utilization  persisted  for  a  speci¬ 
fied  period  of  time. 

EHealth’s  dashboard  display  provided 
real-time  status  information  for  the  net¬ 
work.  EHealth  also  has  a  central  console  user 
interface  that  graphically  depicts  the  entire 
network  or  any  portion  of  it.  Clicking  on  a  yel¬ 
low  (minor  alert)  or  red  (major  alert)  network 
device  drills  down  through  eHealth’s  data 


to  reveal  the  nature  of  a  problem  as  well  as 
details  about  the  problem.  We  liked  that  we 
could  generate  instant  reports  to  help  docu¬ 
ment  the  problem. 

EHealth’s  reports  are  informative,  easy  to 
understand  and  easy  to  produce.  We  used  its 
reports  to  help  troubleshoot  problems,  iden¬ 
tify  unusual  network  behavior  for  future 
investigation,  document  SLA  compliance 
and  identify  trends  for  capacity-planning 
purposes.  Through  the  simple-to-use  reports 
interface,  we  could  select  the  network  ele¬ 
ments  or  groups  of  elements  we  wished  to 
document,  specify  a  chart  type  (Line,  Bar, 
Stacked  Line)  and  choose  a  calendar  window 
such  as  “Today”  or  “Previous  7  Days.”  We 
could  also  set  up  custom  date  and  time  ranges 
for  our  reports. 

EHealth’s  At-a-Glance  Reports  were  our 
first  line  of  defense  when  we  needed  to  docu¬ 
ment  a  problem  so  we  could  collaboratively 
share  the  nature  of  the  problem  with  other 
network  engineers.  At-a-Glance  Reports 
provide  a  high-level,  quick  view  of  key  data, 
including  network  utilization,  server  utiliza¬ 
tion  (CPU,  memory  or  hard  disk),  the  identity 
of  a  failed  application  and  network  connectiv¬ 
ity  errors. 

We  found  eHealth’s  Trend  Reports  made 
quick  work  of  capacity  planning  chores.  For 
all  or  any  part  of  the  network  and  for  what¬ 
ever  time  period  we  wished,  we  could  config¬ 
ure  and  schedule  reports  that  showed  exactly 
the  device,  computer,  application  or  network 
behaviors  we  wanted  to  document.  We  used 
these  reports  initially  to  produce  a  baseline 
of  the  network.  Then,  over  time,  we  used 
these  reports’  graphs  and  charts  to  precisely 
identify  utilization  trends  that  revealed  the 
upgrades  we  should  plan  for.  We  also  set  up 
a  number  of  tabular  reports  to  document 
uptime  and  availability  as  well  as  provide 
utilization  statistics  for  billing  (chargeback) 
purposes. 

We  particularly  liked  eHealth’s  report 
customization  features,  which  let  us  pro¬ 
duce,  for  example,  trend  reports  for  a  specific 
user  group  and/or  specific  set  of  network 
resources,  such  as  databases. 

Impressively,  CA  includes  more  than  5,000 
MIBs  in  eHealth. 

EHealth  and  NetQoS  ReporterAnalyzer 
run  on  Windows  Server  2003  and  Solaris. 

Conclusion 

All  three  of  these  network  managers  —  IBM 
Tivoli  Netcool/OMNIbus  and  Tivoli  Net¬ 
work  Manager  IP  Edition,  CA  eHealth  and 
CA  NetQoS  ReporterAnalyzer  and  HP  Auto¬ 
mated  Network  Management  Suite  —  are  top- 
of-the-line,  mature  and  highly  capable  tools 


How  we  did  it 

We  evaluated  each  product 
in  several  different  areas: 
discovery  and  enumera¬ 
tion  of  devices  and  computers, 
support  for  a  variety  of  device 
manufacturers  and  device  types, 
global  directory  integration, 
graphical  depiction  of  the  network, 
monitoring  of  network  node  status 
(availability),  performance  and 
health,  alerts  and  notifications 
when  network  problems  occur, 
automated  corrective  actions, 
maintenance  of  trouble  tickets  (or 
integration  with  a  help  desk  tool), 
support  for  virtualized  environ¬ 
ments  and  the  production  of  use¬ 
ful,  informative  reports. 

In  particular,  we  wanted  these 
reports  to  establish  baselines, 
show  available  and  unavailable 
devices,  log  device  availability 
histories,  identify  trends  and  help 
us  spot  conditions  that  could  result  ^ 
in  future  network  problems. 

Our  test  environment  consisted 
of  six  routed  Fast  Ethernet  subnet 
domains  that  have  T-l,  T-3  and 
DSL  links  to  the  Internet.  We 
installed  the  network  monitoring 
software’s  server  component(s)  on 
a  four-way  HP  Proliant  computer 
alternately  running  Windows  2008 
Server  and  Windows  2003  Server. 

The  50  client  computers  on  our 
network  were  a  mix  of  Windows 
XP,  Windows  2003,  Windows 
2008,  Windows  7,  Windows  Vista, 

Red  Hat  Linux  and  Macintosh 
platforms.  Relational  databases  on 
the  network  were  Oracle,  Sybase 
Adaptive  Server  and  Microsoft 
SQL  Server.  Web  servers  on  the 
network  were  Internet  Information 
Server  (IIS)  and  Apache. 


for  ensuring  maximum  availability,  uptime 
and  performance.  ■ 

Barry  Nance  runs  Network  Testing  Labs  and 
is  the  author  of  "Network  Programming  in  C,” 
"Introduction  to  Networking,  4th  Edition"  and 
“Client/Server  LAN  Programming."  His  email 
address  is  barryn@erols.com. 
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►  iPad ,  from  page  1 

LTE  cellular  support,  voice  dictation,  and  a 
greatly  improved  rear-facing  5-megapixel 
camera.  It  will  run  iOS  5.1  and  be  available 
starting  next  week.  Importantly,  both  pricing 
and  battery  life  are  unchanged. 

“The  processor  speed,  4G,  and  improved 
screen  resolutions  are  all  big  pluses  for  the 
enterprise,”  says  Manoj  Prasad,  vice  presi¬ 
dent  of  global  applications  and  testing  for 
Life  Technologies,  a  biotech  products  com¬ 
pany  in  Carlsbad,  Calif.,  with  a  growing  iPad 
deployment.  “4G,  the  new  processor  speed 
and  improved  screen  res¬ 
olutions  will  allow  IT  to 
port  more  backend  appli¬ 
cations  like  Oracle,  and 
Siebel  to  iPad.” 

But  he  still  thinks  the 
tablet  can’t  yet  substitute 
for  laptops.  “It  still  lacks 
the  capabilities  to  com¬ 
pletely  replace  laptops, 
making  the  ROI  calcula¬ 
tion  for  iPad  difficult,” 

Prasad  says. 

Others  say  Apple’s  pri¬ 
orities  for  the  new  iPad 
means  it  can  be  applied 
in  entirely  new,  emerging 
areas  where  laptops  make 
no  sense,  or  at  least  no 
sense  anymore. 

“For  an  understanding 
of  where  the  iPad  is  going  it’s  critical  to  note 
the  focus  on  processing  power  and  resolu¬ 
tion,”  says  Benjamin  Levy,  a  principal  with 
Solutions  Consulting,  a  Los  Angeles  firm  that 
specializes  in  Apple  and  iOS  deployments  for 
enterprise  customers.  “The  iPad  is  no  longer 
an  addition  to  existing  platforms  and  work 
structures  but  is  now  fully  capable  on  its 
own  and  will  be  defining  new  ways  of  work¬ 
ing  with  media  in  the  professional  space.” 

“The  new  iPad  can  be  seen  as  more  of  a 
tool  for  digital  media  than  ever  before,  able 
to  work  with  high  resolution  DSLRs  [digital 
single  lens  reflex  camera  images]  and  video, 
high  resolution  audio  files,  high  resolution 
graphics  files,  etc.,”  Levy  adds. 

Although  lacking  the  quad-core  CPU  that 
many  were  expecting,  these  users  see  real 
performance  gains  with  the  new  iPad. 

“The  combination  of  the  retina  display,  the 
[new  A5X]  chip  and  4G/LTE  is  going  to  make 
the  iPad  an  even  more  productive  business 
device,”  says  Hugh  Owens,  director  of  mobile 
at  MicroStrategy,  a  business  intelligence  and 
analytics  software  vendor  with  an  extensive 
iPad  2  deployment,  and  with  iPad  custom¬ 
ers.  “4G  will  enable  users  of  MicroStrategy 
Mobile  [the  company’s  iOS  application]  to 


pull  down  analytics  even  faster,  and  our 
native  app  is  already  positioned  to  take 
advantage  of  the  A5X  chip  for  faster  and 
more  compelling  rendering.” 

“Overall,  the  new  iPad  is  a  significant 
upgrade.  Apple  is  going  to  sell  a  boatload  of 
these,”  says  Derick  Okihara,  IT  technician  at 
Mid-Pacific  Institute  in  Honolulu,  where  he 
oversees  the  iPad  and  iPhone  deployments. 
‘In  our  environment,  having  a  solid  camera 
capable  of  1080p  video,  faster  graphics  for 
apps,  and  the  high  resolution  display,  make 
the  iPad  that  much  more  useful,  especially 
for  students.” 


Levy  sees  camera  applications  that  go 
beyond  snapshots  and  home  videos.  “The 
camera  improvements  will  be  very  useful, 
especially  in  custom  apps  for  data  entry,  bar 
code  reading,  situation  reports  and  documen¬ 
tation,”  he  says.  “Couple  that  camera  with  a 
decent  custom  app  and  many  [enterprise] 
workflows  can  be  changed  for  the  better.” 

The  new  iPad  is  now  more  clearly,  and 
effectively,  a  platform  for  creating  new  kinds 
of  apps,  and  content,  exploiting  images,  video, 
high-definition  audio,  in  new  ways,  according 
to  Randy  Saeks,  network  manager,  North¬ 
brook/Glenview  School  District  30,  North¬ 
brook,  Illi.,  another  iPad  site. 

“What  I  see  in  the  announcement  today 
is  really  showing  that  an  iPad  isn’t  just  a 
consumption  device  but  has  the  ability  to 
create  really  rich,  engaging  content,”  he 
says.  “With  a  lot  of  the  [new]  app  updates 
and  announcements  —  iMovie,  iPhoto,  the 
iWork  suite,  as  well  as  what  is  added  to  the 
hardware  with  a  great  display  and  improved 
camera  —  it  opens  the  door  for  how  they 
can  be  used  in  classrooms  and  creative 
environments.” 

“Especially  with  looking  at  [the  question  of] 
what  kinds  of  devices  to  put  in  the  hands  of 


our  students,  the  value  for  what  you  can  do 
with  the  new  iPad  and  [its]  associated  cost 
is  much  more  attractive  than  it  was  with  the 
first  iPad  announcement,”  Saeks  says. 

Most  of  these  users  agreed  they  see  no  IT- 
specific  implications  in  the  new  iPad,  at  least 
yet.  “I’m  not  seeing  any  challenges  to  support 
the  new  devices,”  Saeks  says. 

One  issue  that’s  been  emerging  over  the 
past  two  years  is  the  need  to  redesign  enter¬ 
prise  Wi-Fi  networks  for  pervasive  con¬ 
nectivity,  and  greater  capacity,  within  the 
enterprise,  as  more  mobile  devices  show 
up,  either  corporately-  or  personally-owned. 

The  new  iPad  with  its 
support  for  high-defini¬ 
tion  video  and,  if  Levy  is 
right,  for  a  new  genera¬ 
tion  of  media-rich  corpo¬ 
rate  apps  and  workflows, 
will  accelerate  this.  IT 
groups  will  have  to  pay 
more  attention  to  using 
the  5  GHz  Wi-Fi  band, 
and  remapping  access 
point  locations  to  sup¬ 
port  shifting  groups  of 
users  with  more  than  one 
Wi-Fi  equipped  mobile 
device. 

“I’ll  have  to  take  a 
deeper  dive  into  iOS 
5.1,”  says  James  Gordon, 
vice  president  of  IT  at 
Needham  Bank,  a  small 
community  bank  in  Massachusetts  that  has 
deployed  iOS  devices  among  a  majority  of  its 
staff  and  the  board  of  directors. 

Apple’s  decision  to  cut  the  price  of  the  iPad 
2  by  $100,  bringing  the  entry-level  price 
to  $399,  may  have  a  significant  impact  on 
deployments.  “This  opens  up  possibilities, 
especially  in  education  markets  with  a  lower 
buy-in  price  point,”  says  Okihara.  “$100  x 
1,000+  [units]  is  significant.” 

Levy  agrees.  “By  lowering  the  price  on  the 
iPad  2  while  bringing  advances  into  the  new 
iPad,  Apple  is  able  to  deliver  new  technology 
and  features  quickly  to  those  who  want  them 
right  away,  while  removing  some  of  the  bar¬ 
rier  of  entry  to  those  who  don’t  yet  have  an 
iPad,”  he  says. 

Gordon  was  hoping  the  rumors  of  a  quad- 
core  CPU  were  true.  And  at  Life  Technolo¬ 
gies,  where  a  lot  of  content  is  in  Adobe  Flash, 
the  continued  and  apparently  eternal  lack  of 
iOS  support  for  that  technology  remains  a 
complaint. 

Prasad  at  Life  Technologies  also  says  he’d 
like  to  see  direct  video  output  for  iPads. 

“The  bar  for  tablets  and  mobile  computers 
has  been  set  very  high  [with  the  new  iPad],” 
Gordon  says.  ■ 


iPads:  Keep  getting  better 


iPad 

iPad2 

The  new  iPad 

Screen 

9.7  inches, 

1024  x  768  pixels, 

132  pixels  per  inch 

9.7  inches, 

1024  x  768  pixels, 

132  pixels  per  inch 

9.7  inches, 

2048x1536, 

264  pixels  per  inch 

Processor 

Single  core  A4, 1GHz 

Dual-core  A5, 1GHz 

Dual-core  A5X 

Storage 

To  64GB 

To  64GB 

To  64GB 

Camera 

None 

Back/front 

Back/5-megapixel  front 

Connectivity 

3G 

3G 

4G 

Starting  price 

$499,  $699  (3G) 

$499,  $629  (3G) 

$499,  $629  (4G) 

NOTES:  CURRENT  iPad  2  pricing:  only  1  model.  16-Gbytes  storage,  Wi-Fi  version:  $399,  add  3G:  $529 
Original  iPad  is  NOT  FOR  SALE  on  the  Apple  website. 
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Beware  the  eye  in  the  sky 


LAST  WEEK’S  column  about  The  Google 
and  its  new  privacy  policy  got  quite  a 
response,  ranging  from  “I  don’t  get  it,  what’s 
the  fuss?”  through  to  “I  don’t  care,  I  have  nothing  to  hide,”  and,  “It’s 
been  pretty  obvious  for  years  where  this  was  all  heading  but  very  few 
people  bothered  to  sound  the  alarm ...  until  now  when  it’s  too  late.” 

To  the  first  and  second  groups,  all  I  can  say  is  good  luck,  the  govern¬ 
ment  will  be  stopping  by  to  tattoo  a  QR  code  on  your  neck. 

As  for  the  last  comment,  I  sort  of  agree  that  it’s  all  gone  too  far,  but 
whether  it’s  too  late  is  a  matter  of  debate.  For  it  to  be  too  late  you’d  have 
to  assume  that  there  is  no  more  personal  privacy  to  be  lost,  that  the  full 
scope  of  how  you  can  be  sliced  and  diced  by  the  government  and  the 
corporations  has  been  achieved.  This  is,  thankfully,  not  the  case. 

So,  what  might  erode  your  remaining  privacy?  In  the  seemingly 
endless  parade  of  new  threats,  there’s  an  issue  that  has  been  brewing 
for  some  time  that’s  starting  to  become  really  big:  drones  that  carry 
surveillance  gear  in  the  form  of  conventional  cameras,  radar,  cellphone 
eavesdropping  systems,  thermal  imagers  and  U  V  cameras. 

Until  recently  the  deployment  of  sophisticated  drones  was  pretty 
much  limited  to  the  military,  but  prices  have  fallen  so  much  that  bat¬ 
tlefield  tech  has  come  back  to  the  homeland.  For  example,  as  The  LA 
Times  reported  (see  story  at  tinyurl.com/6nb2npm)  at  the  end  of  last 
year,  agencies  such  as  the  U.S.  Customs  and  Border  Protection,  the  FBI 
and  the  Drug  Enforcement  Administration  now  own  or  have  access  to 
drones  for  use  on  American  soil. 

Along  with  these  platforms  comes  increasingly  advanced  surveil¬ 
lance  subsystems  such  as  the  Gorgon  Stare  (tinyurl.com/61oexb6). 


which  will  eventually  provide  real-time  monitoring  of  areas  the  size 
of  entire  cities! 

Along  with  this  “big  boy”  gear  there’s  been  an  explosion  of  drone-type 
products  in  the  civilian  market.  Consider  the  Draganflyer  X8  (tinyurl. 
com/2ermcts),  a  sophisticated  remote-control  helicopter.  This  system  is 
capable  of  hoisting  a  variety  of  cameras  and  other  devices  and  is  as  loud 
at  three  feet  away  as  the  dial  tone  on  a  phone ...  all  for  around  $25,000. 

What  concerns  many  people  is  that  having  these  kinds  of  surveil¬ 
lance  systems  without  any  kind  of  acceptable  use  policy  will  almost 
certainly  lead  to  abuse.  In  a  Stanford  Law  Review  article  titled  “The 
Drone  as  Privacy  Catalyst,”  M.  Ryan  Calo,  director  for  privacy  and 
robotics,  Center  for  Internet  and  Society,  commented: 

“Citizens  do  not  generally  enjoy  a  reasonable  expectation  of  privacy  in 
public,  nor  even  in  the  portions  of  their  property  visible  from  a  public 
vantage.  In  1986,  the  Supreme  Court  found  no  search  where  local  police 
flew  over  the  defendant’s  backyard  with  a  private  plane.  A  few  years  later, 
the  Court  admitted  evidence  spotted  by  an  officer  in  a  helicopter  looking 
through  two  missing  roof  panels  in  a  greenhouse.  Neither  the  Constitu¬ 
tion  nor  common  law  appears  to  prohibit  police  or  the  media  from  rou¬ 
tinely  operating  surveillance  drones  in  urban  and  other  environments.” 

So  along  with  surveillance  video,  unauthorized  wiretaps,  cellphone 
location  and  all  of  the  other  intrusive  technologies,  we  can  now  expect 
to  be  spied  on  from  above  as  well.  Unless  we  get  real  privacy  laws  in 
place,  the  only  real  privacy  will  be  when  we’re  dead.  ■ 

Try  to  find  Gibbs  at  backspin@gibbs.com  and  follow  him  on  Twitter 
(@quistuipater)  and  on  Facebook  (quistuipater). 
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If  the  Dow  had  chosen  Apple  instead  of  Cisco 


AFTER  THE  Dow  Jones  industrial  average 
hit  13,000  recently,  San  Jose  Mercury  News 
columnist  Mike  Cassidy  made  an  impas¬ 
sioned  case  for  including  Apple  in  the  index,  a  position  he  buttressed 
by  citing  an  analysis  by  Adam  Nash  of  Greylock  Partners. 

No  one,  including  Cassidy  and  Nash,  believes  that  Apple’s  inclusion 
will  happen  any  time  soon,  if  ever.  However,  it  could  have  happened  —  at 
least  hypothetically  —  back  almost  three  years  ago  now  when  Cisco  was 
chosen  to  replace  General  Motors  in  the  Dow  lineup  of  30  companies. 

Greylock’s  Nash  wrote  last  month  on  his  personal  blog:  “The  ques¬ 
tion  I  explored  was  simple  —  what  would  have  happened  if  [Dow 
Jones]  had  replaced  General  Motors  with  Apple  on  June  8,  2009 
[instead  of  with  Cisco].  After  all,  Apple  was  up  over  80%  off  its  lows 
post-crash.  The  company  had  a  large,  but  not  overwhelming  market 
capitalization.  The  index  is  already  filled  with  ‘big  iron’  tech  stocks, 
like  Intel,  HP  &  IBM.  Why  add  Cisco?  Why  not  add  a  consumer  tech 
name  instead?  In  fact,  there  is  no  readily  obvious  justification  for  add¬ 
ing  Cisco  to  the  index  in  2009  instead  of  Apple." 

What  would  have  happened  is  that  the  Dow  Jones  industrial  average 
—  the  most  widely  cited  measure  of  stock  market  health  and  a  major 
contributor  to  general  public  attitudes  toward  the  economy  —  would 
have  fared  better  by  roughly  the  difference  between  Apple’s  phenom¬ 
enal  performance  and  Cisco’s  anemic  one  since  that  time. 

Ah,  but  the  idea  of  Apple  (or  Google,  if  you’re  wondering)  being 
included  in  the  Dow  is  fanciful  at  best,  as  the  Dow  Jones  Indexes’  blog 
attempted  to  explain  on  Feb.  8:  “Typically  a  company  is  added  to  The 
Dow  only  if  [it]  has  an  excellent  reputation,  demonstrates  sustained 


growth  and  is  of  interest  to  a  large  number  of  investors.  While  it’s  true 
that  both  Apple  and  Google  would  certainly  seem  to  meet  these  criteria, 
this  qualification  doesn’t  necessitate  their  inclusion  in  The  Dow  —  nor 
does  their  sheer  size,  although  it  also  weighs  in  their  favor.  The  Dow’s 
methodology  allows  for  subjectivity,  and  ultimately  stock  changes  are 
made  at  the  discretion  of  the  Averages  Committee.” 

So  what’s  the  problem?  In  a  word:  price.  Apple  and  Google  trade  at 
such  high  prices  that  their  inclusion  would  skew  the  Dow  both  today 
and  historically. 

Nash  thinks  little  of  that  explanation  —  especially  as  it  applied  to 
Apple  vs.  Cisco  circa  2009  —  but  he  reserves  his  greater  scorn  for 
something  other  than  that  discretionary  decision:  the  Dow  itself: 
“Look,  I’m  just  going  to  say  it.  The  Dow  Jones  Industrial  Average  is 
ridiculous ...  a  mathematical  farce.” 

Nevertheless,  Nash  did  the  math  using  the  rules  that  Dow  Jones  uses. 
Had  Apple  instead  of  Cisco  replaced  GM  in  2009,  we  wouldn’t  be  talk¬ 
ing  about  the  13,000  mark  because  the  Dow  would  be  over  15,000 
by  now. 

Remember  two  things:  A  committee  made  that  decision  using  “sub¬ 
jectivity”  and  “discretion.”  And  in  a  presidential  election  year,  nothing 
matters  more  than  public  perceptions  about  the  economy. 

That’s  not  to  suggest  that  Dow  Jones  in  any  way,  shape  or  form  con¬ 
sidered  the  political  implications  in  choosing  Cisco  over  Apple:  rather, 
only  that  there  is  certainly  the  potential  for  political  implications 
whenever  Dow  Jones  messes  with  the  lineup.  ■ 

Comments  and  market  tips  should  be  directed  to  buzz@nww.com. 
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I.  T.  WORKS  BETTER  TOGETHER. 


With  HP  Converged  Infrastructure  solutions  powered  by  Intel®  Xeon®  processors,  you  can 
spend  over  70%  of  your  time  and  IT  budget  on  innovation  rather  than  maintenance.* 


HP  Converged  Infrastructure  integrates  servers,  storage,  networking,  security, 
and  management  software  into  turnkey  systems  that  accelerate  IT,  reduce 
application  provisioning  time  by  75%,  and  get  you  ready  for  the  cloud.* 

convergedinfrastructure.com 


*  Substantiation:  HP  white  paper,  Measuring  the  Business  Value  of  Converged  Infrastructure  in  the  Data  Center,  October  2011 
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